nalalangan/fiddy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
52af2a755c
fiddy/docs/07_PUBLIC_LAUNCH_CHECKLIST.md
Nico f8e426542d
Some checks failed
Build & Deploy Fiddy (Dokploy) / build (push) Has been cancelled
Details
Build & Deploy Fiddy (Dokploy) / deploy (push) Has been cancelled
Details
feat: implement schedules pivot, scheduler service, and dokploy deploy flow
2026-02-15 17:10:58 -08:00

53 lines
2.1 KiB
Markdown
Raw Blame History

# Public Launch Checklist
## A) Infrastructure Baseline
- [ ] Domain DNS points to public IP.
- [ ] Router forwards only `80` and `443`.
- [ ] Host firewall denies all inbound except `80/443` and restricted `22`.
- [ ] `SSH_ALLOW_CIDR` policy validated.
- [ ] Postgres port `5432` is not public.
## B) App and Deployment
- [ ] Dokploy project connected to Gitea repo.
- [ ] Secrets configured:
- [ ] `DATABASE_URL`
- [ ] `DATABASE_SSL`
- [ ] `ALLOWED_DB_NAMES`
- [ ] `SESSION_COOKIE_NAME`
- [ ] `SESSION_TTL_DAYS`
- [ ] `DEBUG_API=0`
- [ ] `DOKPLOY_DEPLOY_HOOK`
- [ ] `DOKPLOY_SCHEDULER_DEPLOY_HOOK`
- [ ] `DOKPLOY_HEALTHCHECK_URL`
- [ ] Deploy workflow passes build/test/push/deploy.
- [ ] Scheduler deploy workflow step passes.
- [ ] Post-deploy health gate passes (`scripts/wait-for-health.sh`).
- [ ] Manual smoke passes (`scripts/smoke-public-launch.sh`).
## C) Security Controls
- [ ] Existing Nginx TLS/headers/rate limits enabled (using `docker/nginx/fiddy.conf` template).
- [ ] If using NPM, `docs/08_NGINX_PROXY_MANAGER_SETUP.md` completed.
- [ ] If using NPM, Custom Location `/` includes header/request-id snippet.
- [ ] Request-id propagation enabled (`X-Request-Id` in responses).
- [ ] Server-side rate limits active (auth/write/ip limiters).
- [ ] Fail2ban or CrowdSec configured from `docker/security/`.
- [ ] No secrets/full invite codes in logs.
## D) Observability
- [ ] Loki, Promtail, Grafana, Uptime Kuma running.
- [ ] Promtail ingests `job="nginx"`.
- [ ] Dashboards show request IDs for incident triage.
- [ ] Alerts configured for 5xx/auth spikes/DB failures/resource pressure.
## E) Backup and Recovery
- [ ] Daily logical backup scheduled (`scripts/backup-postgres.sh`).
- [ ] Periodic base backup scheduled (`scripts/basebackup-postgres.sh`).
- [ ] Latest restore drill succeeded (`scripts/restore-drill-postgres.sh`).
- [ ] Drill logged (`scripts/log-restore-drill.sh` -> `docs/restore-drill-log.csv`).
- [ ] Measured RTO is acceptable.
## F) Rollback Readiness
- [ ] Previous stable release retained in Dokploy.
- [ ] Rollback runbook tested once in staging or low-risk window.
- [ ] Rollback smoke check verified.
Reference in New Issue View Git Blame Copy Permalink