Zum Inhalt

Production Deployment Checklist

This checklist ensures that all important aspects for a professional production system are covered.

Pre-Deployment

1. Code & Dependencies

  • [ ] All changes committed and tested
  • [ ] requirements.txt is up to date
  • [ ] Pre-deployment checks executed: python utils/pre_deployment_check.py
  • [ ] No debug output or test code in production

2. Environment Configuration

  • [ ] .env file created for production (or system environment variables)
  • [ ] SECRET_KEY set and secure (not the default value!)
  • [ ] DEBUG=False in production
  • [ ] ALLOWED_HOSTS correctly configured (not *)
  • [ ] CSRF_TRUSTED_ORIGINS configured with HTTPS URLs
  • [ ] SESSION_COOKIE_SECURE=True (for HTTPS)
  • [ ] CSRF_COOKIE_SECURE=True (for HTTPS)

3. Database

  • [ ] Migrations reset/consolidated (if necessary)
  • [ ] Data migrations re-added (if necessary)
  • [ ] Backup strategy defined
  • [ ] Database backup created before deployment

4. Static & Media Files

  • [ ] STATIC_ROOT correctly configured
  • [ ] MEDIA_ROOT correctly configured
  • [ ] Directories exist and have correct permissions
  • [ ] Apache/Web server configured for static/media files

Deployment

5. Deployment Process

  • [ ] Deployment archive created: python utils/create_deployment_archive.py
  • [ ] Archive transferred to production server
  • [ ] Archive extracted on production server
  • [ ] Virtual environment activated
  • [ ] Dependencies installed: pip install -r requirements.txt
  • [ ] Deployment script executed: python utils/deploy_production.py
  • [ ] Pre-deployment checks on production server: python utils/pre_deployment_check.py

6. Application Server

  • [ ] Gunicorn configured (config/gunicorn_config.py)
  • [ ] Start/stop handled via script: scripts/mcc-web.sh

7. Web Server (Apache/Nginx)

  • [ ] Reverse proxy configured
  • [ ] SSL/TLS certificate installed
  • [ ] X-Forwarded-Proto header set
  • [ ] Static files served (not by Django)
  • [ ] Media files served (not by Django)
  • [ ] Health check endpoint reachable: /health/

Post-Deployment

8. Verification

  • [ ] Health check works: curl http://your-domain/health/
  • [ ] Admin interface reachable
  • [ ] API endpoints working
  • [ ] Static files served correctly
  • [ ] Media files served correctly
  • [ ] Translations working (DE/EN)
  • [ ] No errors in logs

9. Monitoring & Logging

  • [ ] Logging configured (File or Syslog)
  • [ ] Log rotation set up
  • [ ] Monitoring tools configured (optional)
  • [ ] Health check endpoint monitored

10. Backup & Maintenance

  • [ ] Automatic database backups set up (Cron)
  • [ ] Backup rotation configured
  • [ ] Media files backup strategy defined
  • [ ] Backup restoration tested

Security

11. Security Settings

  • [ ] SECRET_KEY securely stored (not in Git)
  • [ ] DEBUG=False in production
  • [ ] ALLOWED_HOSTS restrictively configured
  • [ ] HTTPS enforced
  • [ ] Security headers set (HSTS, CSP, etc.)
  • [ ] Admin interface protected (strong password)
  • [ ] API keys securely managed

12. File Permissions

  • [ ] Database file: Readable/writable for the configured user (the user that runs the application)
  • [ ] Media directory: Writable for the configured user
  • [ ] Static directory: Readable for the configured user
  • [ ] No sensitive files publicly accessible

Automation

13. Automated Tasks

  • [ ] Cron job for database backups: utils/backup_database.py
  • [ ] Log rotation configured

Documentation

14. Documentation

  • [ ] Deployment process documented
  • [ ] Rollback procedure documented
  • [ ] Backup restoration documented
  • [ ] Support contact information documented

Emergency Procedures

15. Rollback Plan

  • [ ] Rollback procedure defined
  • [ ] Backup restoration tested
  • [ ] Emergency contacts documented

Files Created

The following files were created for the professional setup:

  1. config/gunicorn_config.py - Gunicorn configuration
  2. utils/backup_database.py - Automatic backup script
  3. utils/pre_deployment_check.py - Pre-deployment validation
  4. Health Check Endpoint - /health/ in config/views.py

Quick Commands

# Pre-Deployment Checks
python utils/pre_deployment_check.py

# Create Backup
python utils/backup_database.py

# Deploy
python utils/deploy_production.py

# Check Health
curl http://your-domain/health/

# Server Control (Script)
/data/appl/mcc/mcc-web/scripts/mcc-web.sh status
/data/appl/mcc/mcc-web/scripts/mcc-web.sh restart

Cron Job Example

Add to /etc/crontab for daily backups:

Hinweis: Ersetzen Sie BENUTZER durch den vom Admin konfigurierten Benutzernamen, der die Anwendung startet.

# Daily database backup at 2 AM
# BENUTZER = der vom Admin konfigurierte Benutzer (z.B. mcc, www-data, etc.)
0 2 * * * BENUTZER cd /data/appl/mcc/mcc-web && /data/appl/mcc/mcc-web/venv/bin/python utils/backup_database.py --keep-days 7 --compress

Log Rotation

Create /etc/logrotate.d/mcc-web:

Hinweis: Ersetzen Sie BENUTZER und GRUPPE durch den vom Admin konfigurierten Benutzernamen und die Gruppe, die die Anwendung startet.

/data/appl/mcc/mcc-web/logs/*.log {
    daily
    rotate 14
    compress
    delaycompress
    missingok
    notifempty
    create 0640 BENUTZER GRUPPE
    sharedscripts
    postrotate
        /data/appl/mcc/mcc-web/scripts/mcc-web.sh reload > /dev/null 2>&1 || true
    endscript
}

Notes

  • Benutzer: Alle Scripts werden vom konfigurierten Benutzer ausgeführt (vom Admin definiert, z.B. mcc, www-data, etc.)
  • Cronjobs: Cronjobs werden vom konfigurierten Benutzer gestartet, nicht von www-data
  • Anwendungsstart: Die Software wird vom konfigurierten Benutzer gestartet, der Benutzer mcc ist nicht zwingend erforderlich
  • Backups should be tested regularly
  • Health check should be monitored by monitoring tools
  • Logs should be reviewed regularly