Production Checklist
Everything you need before going live
Before deploying ATStatus to production, work through this checklist to ensure your status page is secure, performant, and ready for your users.
Important: This checklist is for production deployments. If you're just testing, you can skip many of these items. But before going live with real users, complete all required items.
Required
These items are essential for a production deployment.
Configure environment secrets
Set strong, unique values for NEXTAUTH_SECRET, CRON_SECRET, ENCRYPTION_KEY, and CSRF_SECRET. Never use defaults.
Enable HTTPS
Configure SSL/TLS certificates. Use Let's Encrypt for free certificates, or your organization's certificates. Never run production over HTTP.
Change default admin credentials
If using Demo build, immediately change the default admin@example.com credentials. Create a real admin account with a strong password.
Set NEXTAUTH_URL correctly
Set NEXTAUTH_URL to your production domain (e.g., https://status.example.com). This is required for authentication to work correctly.
Run database migrations
Execute npx prisma migrate deploy to apply all database migrations. Verify the database is properly initialized.
Build for production
Run npm run build to create an optimized production build. Never run npm run dev in production.
Recommended
These items are highly recommended for production use.
Configure email (SMTP)
Set up SMTP for email notifications. Test by sending a test email from the admin panel. Use a reliable email provider.
Set up monitoring cron job
Configure a cron job or systemd timer to run monitoring checks regularly. Without this, automatic status updates won't work.
Set up database backups
Configure regular backups of your SQLite database file or PostgreSQL database. Test restore procedures.
Configure process manager
Use PM2, systemd, or similar to manage the Node.js process. This ensures automatic restarts on crashes and startup on boot.
Configure reverse proxy
Set up Nginx, Caddy, or similar to handle SSL termination, compression, and static file caching.
Enable 2FA for admin accounts
Enable two-factor authentication for all administrator accounts. This adds crucial protection against credential theft.
Optional Enhancements
These items enhance your deployment but aren't strictly necessary.
Configure custom branding
Upload your logo, set brand colors, and customize the look to match your organization's identity.
→ Branding
Set up Discord/Slack webhooks
Connect to your team's communication channels for instant incident notifications.
Configure push notifications
Enable browser push notifications so users get instant alerts without email.
Enable cookie consent
If required by GDPR or similar regulations, enable the cookie consent banner.
Set up scheduled reports
Configure automatic uptime reports for stakeholders and executives.
Final Verification
Before announcing your status page to users, verify:
- Status page loads correctly at your domain
- Admin login works with your credentials
- All components display with correct status
- Test incident creates and displays properly
- Email notifications send successfully
- Monitoring updates status automatically
- Subscribe button works for visitors