# Production Deployment Checklist

**Version:** 1.0.0
**Last Updated:** 2025-12-26

Comprehensive checklist for deploying to a production environment.

---

## Pre-Deployment Checks

### 1. Environment Configuration

- [ ] Copy `.env.example` to `.env`
- [ ] Set `APP_ENV=production` in `.env`
- [ ] Configure database credentials
- [ ] Configure cPanel API credentials
- [ ] Configure Cloudflare API credentials (optional)
- [ ] Set correct `SERVER_IP`
- [ ] Verify all `.env` variables populated

```bash
# Test environment configuration
php tests/system-check.php
```

---

### 2. Database Setup

- [ ] Create database: `CREATE DATABASE dashboard_db`
- [ ] Create database user with proper permissions
- [ ] Import schema: `mysql -u user -p database < database-setup.sql`
- [ ] Run migrations in filename order (a shell redirect cannot read from a glob): `cat database-migrations/*.sql | mysql -u user -p database`
- [ ] Verify all tables created
- [ ] Test database connection

```bash
# Verify tables
mysql -u user -p database -e "SHOW TABLES;"
```

---

### 3. File Permissions

- [ ] Set directory permissions: `755`
- [ ] Set file permissions: `644`
- [ ] Set `.env` permissions: `600`
- [ ] Create `logs/` directory with `755`
- [ ] Verify `redirect/` folder accessible
- [ ] Check `.htaccess` files present

```bash
# Set correct permissions
find dashboard/ -type d -exec chmod 755 {} \;
find dashboard/ -type f -exec chmod 644 {} \;
chmod 600 dashboard/.env
```

---

### 4. Dependencies

- [ ] Install Composer dependencies: `composer install --no-dev --optimize-autoloader`
- [ ] Verify autoloader working
- [ ] Check PHP version >= 8.0
- [ ] Verify required extensions loaded

```bash
cd dashboard
composer install --no-dev --optimize-autoloader
php -m | grep -E "PDO|pdo_mysql|curl|json|session"
```

---

### 5. Security Configuration

- [ ] Disable `display_errors` in php.ini
- [ ] Set `expose_php = Off`
- [ ] Enable `session.cookie_httponly`
- [ ] Enable `session.cookie_secure`
- [ ] Set `session.cookie_samesite = Strict`
- [ ] Verify CSRF protection active
- [ ] Test rate limiting middleware
- [ ] Verify Mini WAF enabled

```bash
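# Check PHP settings
# Note: the CLI may load a different php.ini than Apache/PHP-FPM; confirm the web SAPI's values too
php -i | grep -E "display_errors|expose_php|session.cookie"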
```

---

### 6. Web Server Configuration

#### Apache

- [ ] Enable `mod_rewrite`
- [ ] Enable `mod_headers`
- [ ] Set `AllowOverride All` for document roots
- [ ] Configure virtual hosts
- [ ] Test `.htaccess` rewrite rules

```bash
# Verify modules
apache2ctl -M | grep -E "rewrite|headers"
```

#### Nginx (Alternative)

```nginx
location / {
    try_files $uri $uri/ /index.php?$query_string;
}

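location ~ \.php$ {
    # Return 404 for scripts that do not exist instead of handing the path to PHP-FPM
    try_files $uri =404;
    fastcgi_pass unix:/var/run/php/php8.0-fpm.sock;
    fastcgi_index index.php;
    include fastcgi_params;
    # The stock fastcgi_params file does not set SCRIPT_FILENAME; PHP-FPM needs it to locate the script
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}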
```

---

### 7. SSL/TLS Configuration

- [ ] Install SSL certificate (Let's Encrypt recommended)
- [ ] Force HTTPS redirect
- [ ] Enable HSTS header
- [ ] Test SSL configuration (A+ rating)
- [ ] Update `session.cookie_secure = 1`

```bash
# Install Let's Encrypt
certbot --apache -d dashboard.yourdomain.com
certbot --apache -d go.yourdomain.com

# Test SSL
curl -I https://dashboard.yourdomain.com
```

---

### 8. Document Root Configuration

#### Dashboard (Admin)
```
Domain: dashboard.yourdomain.com
Document Root: /home/user/dashboard/public
```

#### Redirects (Public)
```
Domain: go.yourdomain.com
Document Root: /home/user/redirect
Wildcard: *.yourdomain.com → /home/user/redirect
```

- [ ] Verify dashboard accessible at correct URL
- [ ] Verify redirect handler working
- [ ] Test wildcard subdomain resolution
- [ ] Confirm folder separation correct

---

### 9. Caching Configuration

#### OPcache

```ini
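; Add to php.ini or .user.ini
opcache.enable=1
opcache.memory_consumption=128
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.revalidate_freq=0
; With validate_timestamps=0, changed files are not picked up until PHP is reloaded or the cache is reset
opcache.validate_timestamps=0
; opcache.fast_shutdown was removed in PHP 7.2, so it is not set here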
```

#### APCu

```ini
; Add to php.ini or .user.ini
extension=apcu.so
apc.enabled=1
apc.shm_size=32M
apc.ttl=7200
```

- [ ] Enable OPcache
- [ ] Set `validate_timestamps=0` for production
- [ ] Enable APCu for settings cache
- [ ] Test cache functionality

---

### 10. Code Quality

- [ ] Run PHPStan: `composer phpstan`
- [ ] Run PHPCS: `composer phpcs`
- [ ] Fix all code style issues
- [ ] Verify zero PHPStan errors
- [ ] Run system checks: `php tests/system-check.php`

```bash
# Run all quality checks
composer test
```

---

### 11. API Testing

#### cPanel API
```bash
php dashboard/public/test-cpanel.php
```

Expected:
- ✓ Connection successful
- ✓ API token valid
- ✓ Can list domains

#### Cloudflare API
```bash
# Via System Status in dashboard
# Check: Cloudflare API Status = Connected
```

- [ ] Test cPanel connection
- [ ] Test Cloudflare connection (if configured)
- [ ] Verify domain creation workflow
- [ ] Test wildcard subdomain creation

---

### 12. Functional Testing

#### Domain Management
- [ ] Add test domain
- [ ] Verify cPanel addon domain created
- [ ] Verify wildcard subdomain created
- [ ] Verify DNS record added to Cloudflare
- [ ] Delete test domain
- [ ] Verify cleanup successful

#### Shortlink Creation
- [ ] Create test shortlink
- [ ] Verify database entry created
- [ ] Test redirect: `https://go.yourdomain.com/test123`
- [ ] Verify click tracking working
- [ ] Test shim page (if enabled)
- [ ] Delete test shortlink

#### Security
- [ ] Test SQL injection protection
- [ ] Test XSS prevention
- [ ] Test CSRF validation
- [ ] Test rate limiting (60 req/min)
- [ ] Test Mini WAF blocking

```bash
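# SQL injection test (should be blocked)
# -G with --data-urlencode sends the payload URL-encoded in the query string; -w prints the status code
curl -s -o /dev/null -w "%{http_code}\n" -G "https://dashboard.yourdomain.com/ajax/get-domains.php" --data-urlencode "id=1' OR '1'='1"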

# Expected: 403 Forbidden or blocked
```

---

### 13. Monitoring & Logging

- [ ] Configure error logging path
- [ ] Set up log rotation
- [ ] Test error logging
- [ ] Monitor disk space
- [ ] Set up health check endpoint

```bash
# Test error logging
tail -f dashboard/logs/php-error.log
```

#### Health Check
```bash
curl https://dashboard.yourdomain.com/health.php

# Expected:
# {"status":"healthy","timestamp":1234567890,"checks":{"database":"ok"}}
```

---

### 14. Backup Strategy

- [ ] Configure database backups (daily)
- [ ] Configure file backups (weekly)
- [ ] Test backup restoration
- [ ] Document recovery procedures
- [ ] Store backups off-site

```bash
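#!/bin/bash
# Automated daily backup script (run from cron).
# -p prompts interactively, so credentials are read from a chmod 600 option file
# instead; the path below is an example.
set -euo pipefail
mysqldump --defaults-extra-file=/home/user/.backup.cnf --single-transaction database_name | gzip > /backup/db_$(date +%Y%m%d).sql.gz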
```

---

### 15. Security Hardening

- [ ] Remove test files (`test-*.php`, `fix-db.php`)
- [ ] Delete `install.php` if exists
- [ ] Verify `.env` not accessible via web
- [ ] Verify `vendor/` not accessible
- [ ] Block access to `.git/` directory
- [ ] Update `security.txt` with actual contact
- [ ] Configure fail2ban (if available)

```apache
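# Add to .htaccess
# Block sensitive file types (Apache 2.4 syntax)
<FilesMatch "\.(env|log|sql|md|git)$">
    Require all denied
</FilesMatch>

# FilesMatch only tests file names, so it does not cover paths under .git/
RedirectMatch 404 "/\.git(/|$)"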
```
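
An added example (not part of the project's own tooling) that turns the section 15 items into a repeatable check: it requests each sensitive path and reports any that is not answered with 403, 404 or 410. It assumes `curl` is installed and that `install.php`, `fix-db.php` and `test-cpanel.php` would sit at the web root; `.git/HEAD` and `vendor/autoload.php` are the standard Git and Composer files, used here as probes.

```shell
#!/bin/sh
# Added example: confirm the files named in section 15 are not served.
# Assumption: every path below is relative to the dashboard web root.
SENSITIVE_PATHS="/.env /.git/HEAD /vendor/autoload.php /install.php /fix-db.php /test-cpanel.php"

# probe BASE_URL -> prints "<path> <http_status>" per path (000 = no response)
probe() {
    for p in $SENSITIVE_PATHS; do
        code=$(curl -s -o /dev/null --max-time 10 -w '%{http_code}' "$1$p") || code=000
        echo "$p $code"
    done
}

# classify STATUS -> blocked | exposed | review
classify() {
    case "$1" in
        403|404|410) echo blocked ;;
        2??)         echo exposed ;;   # a body was served
        *)           echo review ;;    # redirect, 5xx or no response: check by hand
    esac
}

# audit_exposure: reads "<path> <status>" lines on stdin, prints every path
# that is not cleanly blocked, and returns 1 if anything was printed.
audit_exposure() {
    report=$(while read -r uri code; do
        verdict=$(classify "$code")
        [ "$verdict" = blocked ] || echo "$verdict $uri ($code)"
    done)
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Constructed sample results, standing in for probe output.
sample_results() {
    cat <<'EOF'
/.env 403
/.git/HEAD 200
/vendor/autoload.php 404
/install.php 302
/fix-db.php 404
/test-cpanel.php 200
EOF
}

# Live use: pass the base URL as the first argument; with no argument nothing is fetched.
if [ -n "${1:-}" ]; then probe "$1" | audit_exposure; fi
```

A front controller that answers every path with 200 shows up as `exposed`; confirm such a result by looking at the response body.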

---

### 16. Performance Optimization

- [ ] Enable Gzip compression
- [ ] Minify JavaScript/CSS
- [ ] Optimize images
- [ ] Enable browser caching
- [ ] Configure CDN for static assets (optional)
- [ ] Database query optimization

```apache
# Enable Gzip in .htaccess
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/json
</IfModule>
```

---

### 17. Final Checks

- [ ] Test all critical workflows end-to-end
- [ ] Verify 404/500 error pages
- [ ] Check mobile responsiveness
- [ ] Test cross-browser compatibility
- [ ] Review security headers via SecurityHeaders.com
- [ ] Run Lighthouse audit (Performance, Accessibility, SEO)
- [ ] Document any known limitations

```bash
# Security headers test (-i: HTTP/2 responses send header names in lowercase)
curl -sI https://dashboard.yourdomain.com | grep -iE "X-|Content-Security|Strict-Transport"
```
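
An added example, not part of the project's tooling, that checks one response against the settings this checklist asks for: the HSTS header from section 7, no `X-Powered-By` once `expose_php = Off` is set, and the `HttpOnly`, `Secure` and `SameSite=Strict` cookie attributes from section 5. It assumes every cookie the dashboard sets is held to the session-cookie settings; the sample response is constructed.

```shell
#!/bin/sh
# Added example: audit response headers against sections 5, 7 and 17.
# audit_headers reads raw response headers on stdin, prints one finding per
# line and returns 1 if there are any findings.
audit_headers() {
    headers=$(tr -d '\r')   # header lines end in CRLF
    report=$(
        # Section 7: HSTS. Header names are case-insensitive (HTTP/2 sends lowercase).
        printf '%s\n' "$headers" |
            grep -qiE '^strict-transport-security:[[:space:]]*max-age=[0-9]+' ||
            echo "missing header: Strict-Transport-Security"
        # Section 5: expose_php = Off removes X-Powered-By.
        printf '%s\n' "$headers" | grep -qiE '^x-powered-by:' &&
            echo "present header: X-Powered-By (expose_php is still On)"
        # Section 5: each cookie needs HttpOnly, Secure and SameSite=Strict.
        printf '%s\n' "$headers" | grep -iE '^set-cookie:' |
            sed -E 's/^[^:]*:[[:space:]]*//' |
            while IFS= read -r cookie; do
                name=${cookie%%=*}
                for attr in HttpOnly Secure SameSite=Strict; do
                    printf '%s\n' "$cookie" |
                        grep -qiE "(^|;)[[:space:]]*${attr}[[:space:]]*(;|\$)" ||
                        echo "cookie ${name}: missing ${attr}"
                done
            done
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Constructed sample response, standing in for `curl -sI` output.
sample_headers() {
    printf '%s\r\n' 'HTTP/2 200' 'server: Apache' 'x-powered-by: PHP/8.0.30' \
        'set-cookie: PHPSESSID=constructed; path=/; HttpOnly; SameSite=Lax' \
        'content-type: text/html; charset=UTF-8' ''
}

# Live use: pass the URL as the first argument; with no argument nothing is fetched.
if [ -n "${1:-}" ]; then curl -sI "$1" | audit_headers; fi
```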

---

### 18. Documentation

- [ ] Update README with production URLs
- [ ] Document environment variables
- [ ] Document deployment process
- [ ] Create runbook for common issues
- [ ] Document disaster recovery procedures
- [ ] Update CLAUDE.md with production specifics

---

## Post-Deployment

### Immediate (First 24 Hours)

- [ ] Monitor error logs closely
- [ ] Check database performance
- [ ] Monitor server resources (CPU, RAM, Disk)
- [ ] Test from different locations/IPs
- [ ] Verify SSL certificate valid
- [ ] Check DNS propagation

### Week 1

- [ ] Review access logs for unusual patterns
- [ ] Check for 404 errors
- [ ] Monitor API rate limits
- [ ] Test backup restoration
- [ ] Review security logs

### Monthly

- [ ] Update dependencies
- [ ] Review and rotate logs
- [ ] Check disk space
- [ ] Security audit
- [ ] Performance review

---

## Rollback Plan

If deployment fails:

1. **Database:** Restore from backup
   ```bash
   mysql -u user -p database < backup.sql
   ```

2. **Files:** Revert to previous version
   ```bash
   git checkout previous-version
   composer install --no-dev --optimize-autoloader
   ```

3. **DNS:** Update back to old servers (if changed)

4. **Notify:** Alert users of maintenance window

---

## Emergency Contacts

- **System Admin:** admin@yourdomain.com
- **Security Team:** security@yourdomain.com
- **On-Call Engineer:** +62-xxx-xxxx-xxxx
- **Hosting Support:** support@hostingprovider.com

---

## Success Criteria

- ✅ All checklist items completed
- ✅ System check passes: `php tests/system-check.php`
- ✅ Zero critical errors in logs
- ✅ All APIs responding correctly
- ✅ Security headers A+ rating
- ✅ Performance acceptable (<1s response time)
- ✅ Monitoring active
- ✅ Backups configured and tested

---

**Deployment Approved By:** _______________
**Date:** _______________
**Signature:** _______________

---

**Next Review:** Quarterly
