Back-end post-launch tasks checklist

[thibaudcolas]

• Security Review: Ensure each section from has been reviewed using security best practices and you are confident with the site's security standards.
• Documentation review: Is everything important documented?
• Documentation review: Ensure there are no secret/sensitive values in the documentation (if public)
• Documentation review: Ensure the documentation is viewable over gitlab/github pages.
• Check FE caching is set up
• Ensure the production site allows indexing by setting the environment variable SEO_NOINDEX=False. This will add the <meta name="robots" content="noindex"> meta tag.
• [ ] Ensure dev and staging environments are not being indexed by confirming the existence of the <meta name="robots" content="noindex"> in the rendered HTML.
• Test that emails are sent (with correct from address and subject line prefixes) for form submissions (custom forms, password reset etc).
• Change hostname in the settings-sites-site to the production url
• Confirm production settings are in use
• Update allowed hosts
• Application logs are configured and being written to
• Check scheduled tasks have been set up and are functioning correctly (e.g. publish_scheduled_pages)
• Set up Mailgun for sending of email notifications (if not Mailgun: document alternative email service on client intranet article and who is responsible for admin).
• Set up Sentry
• Test 500 Error exception Sentry logging / Admin emailing
• Set up Papertrail
• Confirm SSL config is rated A+ on SSL Labs and security headers are rated A on Security Headers IO
• Check that all Django admin user accounts are using strong passwords (and optionally using 2FA) or are disabled [we can't check users' passwords, only if the default strong password validator has been changed]
• Double check Mailgun setup from django.conf import settings; from django.core.mail import send_mail; send_mail('test', 'test', settings.DEFAULT_FROM_EMAIL, ['...@torchbox.com'], fail_silently=False)
• Change email links from production url to live url at launch (emails should use the wagtail site record instead, so only that should be set correctly)
• Test sitemap.xml
• Test robots.txt is present and contains appropriate rules
• Ensure title tags are set as ‘ | Homepage Keyword’ for the homepage and ‘Other Pages | ’ for all other pages, where the “Homepage Keyword” part should come from the “Page title” field in the “Promote” tab.
• Create Heroku and Cloudflare error pages - sysadmin will add to Cloudflare when the pages are ready

[laymonage]

Hi @RealOrangeOne, I believe some of these tasks have been completed by you. Could you mark them as done, and let me know which ones I can work on? Thanks!

[RealOrangeOne]

@laymonage Just been through and checked the ones which have been done. Most of what's left is testing rather than actual dev, but should all be ready to go 😄