Production Checklist

Pre-launch checklist for the complete GO-MVP stack

Production Checklist

Verify everything before going live.

Backend

  • APP_ENV=prod is set
  • APP_SECRET is a unique random string (not the default)
  • DATABASE_URL points to the production database
  • JWT keys are generated and persisted via volume mount
  • JWT_PASSPHRASE matches the passphrase used to generate keys
  • Database migrations are applied
  • An admin user is created

Stripe

  • STRIPE_SECRET_KEY uses a live key (sk_live_...)
  • STRIPE_WEBHOOK_SECRET is set from the production webhook
  • Stripe webhook is configured with all 5 required events
  • STRIPE_SUCCESS_URL points to https://yourdomain.com/payment/success
  • STRIPE_CANCEL_URL points to https://yourdomain.com/payment/cancel
  • Plans are synced (bin/console app:stripe:sync-plans)

Email

  • BREVO_API_KEY is set with a valid key
  • EMAIL_SENDER_EMAIL uses a verified sender domain in Brevo
  • Brevo templates are created with correct IDs
  • Test emails are sending correctly

Firebase (if using social login)

  • FIREBASE_PROJECT_ID is set on the backend
  • NUXT_PUBLIC_FIREBASE_API_KEY is set on the frontend
  • NUXT_PUBLIC_FIREBASE_AUTH_DOMAIN is set
  • NUXT_PUBLIC_FIREBASE_PROJECT_ID matches the backend
  • Production domain is added to Firebase authorized domains

Frontend

  • NUXT_PUBLIC_API_BASE_URL points to the production backend
  • Analytics configured (Umami host + ID, if using)
  • CSP headers allow the production API domain

Cross-Project

  • CORS_ALLOW_ORIGIN on backend matches the frontend domain
  • EMAIL_VALIDATION_REDIRECT_URL points to frontend /auth/email-verified
  • FRONTEND_RESET_PASSWORD_URL points to frontend /auth/reset-password
  • All redirect URLs use https://

Infrastructure

  • HTTPS is configured on both domains
  • DNS records point to the server
  • GitHub secrets are set for CI/CD (DOKPLOY_WEBHOOK_URL)
  • CI/CD pipeline passes (test → build → deploy)

Smoke Test

After deployment, verify these flows work end-to-end:

  1. Landing page loads at https://yourdomain.com
  2. Register a new user
  3. Check welcome email arrives (via Brevo)
  4. Login with the new user
  5. Complete a Stripe test checkout
  6. Verify subscription appears on profile page
  7. Test forgot password flow
  8. Test social login (if configured)
  9. Access admin panel at https://api.yourdomain.com/admin
Previous ← Production Deployment