Use this checklist to ensure your StellarStack deployment is production-ready.

Pre-Deployment

Infrastructure Requirements

1

Server Requirements

  • Ubuntu 20.04+, Debian 11+, or RHEL 8+
  • Minimum 2GB RAM (4GB+ recommended)
  • 20GB+ available disk space
  • 2+ CPU cores
  • Root or sudo access
2

Domain & DNS

  • Domain name registered
  • DNS A records configured:
    • Panel domain (e.g., panel.example.com)
    • API domain (e.g., api.example.com)
    • Monitoring domain (optional)
    • Daemon/node domain (for all-in-one)
  • DNS propagated and verified
  • All domains point to server IP
3

Software Dependencies

  • Docker 20.10+ installed
  • Docker Compose v2.0+ installed
  • nginx installed and running
  • PostgreSQL 15+ (can run in container)
  • Certbot installed (for SSL)
  • Git installed (for daemon)
  • Rust/Cargo installed (for daemon)

Security Configuration

SSL/TLS Certificates

1

Generate Certificates

  • SSL certificates generated for all domains
  • Using Let’s Encrypt (Certbot) or valid CA certificate
  • Certificates properly configured in nginx
  • HTTP to HTTPS redirect enabled
  • Certificate auto-renewal configured
2

Security Headers

Configure in nginx:
  • X-Frame-Options: DENY
  • X-Content-Type-Options: nosniff
  • X-XSS-Protection: 1; mode=block
  • Strict-Transport-Security (HSTS)
  • Content Security Policy (CSP)
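One way to verify the headers listed above from a captured response, as an added example that is not part of StellarStack's own tooling. The function names `lower` and `check_security_headers` and the sample response are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: compare response headers against the checklist above.
# Live usage: curl -sI https://panel.example.com | check_security_headers

lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# Read HTTP response headers on stdin. Print each checklist header that is
# missing or has an unexpected value; return the number of problems found.
check_security_headers() {
  local hdrs problems=0 spec name want got
  hdrs=$(tr -d '\r')   # strip CR from CRLF line endings
  for spec in 'X-Frame-Options|DENY' 'X-Content-Type-Options|nosniff' \
              'X-XSS-Protection|1; mode=block' \
              'Strict-Transport-Security|' 'Content-Security-Policy|'; do
    name=${spec%%|*}; want=${spec#*|}
    # Header names are case-insensitive; take the first match and trim it.
    got=$(printf '%s\n' "$hdrs" | grep -i "^$name:" | head -n 1 |
          sed -e 's/^[^:]*:[[:space:]]*//' -e 's/[[:space:]]*$//')
    if [ -z "$got" ]; then
      echo "MISSING: $name"; problems=$((problems + 1))
    elif [ -n "$want" ] && [ "$(lower "$got")" != "$(lower "$want")" ]; then
      echo "UNEXPECTED: $name: $got (want $want)"; problems=$((problems + 1))
    fi
  done
  return "$problems"
}

# Constructed sample response, not captured from a real deployment.
sample='HTTP/1.1 200 OK
Server: nginx
x-frame-options: SAMEORIGIN
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000'
printf '%s\n' "$sample" | check_security_headers || echo "problems: $?"
```

Run the check against more than one path (for example the panel root and an API route): nginx inherits `add_header` directives from the enclosing level only when the current level defines none of its own, so a `location` block with a single `add_header` silently drops the server-level security headers.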

Environment Variables

1

Required Variables

  • DATABASE_URL configured with secure password
  • BETTER_AUTH_SECRET generated (32+ chars)
  • FRONTEND_URL set to panel domain
  • API_URL set to API domain
  • JWT_SECRET generated (32+ chars)
  • DOWNLOAD_TOKEN_SECRET generated (32+ chars)
  • ENCRYPTION_KEY generated (64 hex chars)
2

OAuth Configuration (Optional)

  • OAuth provider credentials configured
  • Redirect URIs match production domains
  • Test OAuth login flow
3

File Permissions

  • .env file permissions set to 600
  • .env excluded from version control
  • No secrets in logs or error messages
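The variable and file-permission items above can be checked mechanically. The following is an added example, not StellarStack's own code: `env_get` and `check_env_file` are hypothetical helper names, the file is assumed to hold plain `KEY=value` lines, and the sample values are constructed.

```shell
#!/usr/bin/env bash
# Added example: audit a .env file against the checklist above.
# Secret values are never printed, only their lengths.

# Print the value of variable $2 in file $1, without surrounding quotes.
env_get() {
  sed -n "s/^$2=//p" "$1" | tail -n 1 | sed -e "s/^[\"']//" -e "s/[\"']\$//"
}

# Print one line per failed check; return the number of failures.
check_env_file() {
  local file="$1" fails=0 perms name val dup
  local secrets="BETTER_AUTH_SECRET JWT_SECRET DOWNLOAD_TOKEN_SECRET"
  # GNU stat first, BSD/macOS stat as fallback.
  perms=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
  if [ "$perms" != "600" ]; then
    echo "FAIL: mode is $perms, expected 600"; fails=$((fails + 1))
  fi
  for name in $secrets; do
    val=$(env_get "$file" "$name")
    if [ "${#val}" -lt 32 ]; then
      echo "FAIL: $name has ${#val} chars, need 32+"; fails=$((fails + 1))
    fi
  done
  val=$(env_get "$file" ENCRYPTION_KEY)
  if ! printf '%s' "$val" | grep -Eq '^[0-9a-fA-F]{64}$'; then
    echo "FAIL: ENCRYPTION_KEY is not 64 hex chars"; fails=$((fails + 1))
  fi
  # A value shared by two variables means the secrets are not unique.
  dup=$(for name in $secrets ENCRYPTION_KEY; do env_get "$file" "$name"; done |
        sed '/^$/d' | sort | uniq -d)
  if [ -n "$dup" ]; then
    echo "FAIL: two or more secrets share a value"; fails=$((fails + 1))
  fi
  return "$fails"
}

# Constructed sample: placeholder values, not real secrets.
demo_env=$(mktemp)
printf '%s\n' \
  'BETTER_AUTH_SECRET=constructed-sample-value-aaaaaaaaaaaaaaaa' \
  'JWT_SECRET=too-short' \
  'DOWNLOAD_TOKEN_SECRET=constructed-sample-value-aaaaaaaaaaaaaaaa' \
  'ENCRYPTION_KEY=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef' > "$demo_env"
chmod 644 "$demo_env"
check_env_file "$demo_env" || echo "checks failed: $?"
rm -f "$demo_env"
```

The length and format checks only confirm the shape of each value; they cannot tell whether a secret was randomly generated, so generate the values with a cryptographic random source rather than typing them.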

Database Security

1

PostgreSQL Hardening

  • Strong database password (not default)
  • Database user has minimum required permissions
  • PostgreSQL only accessible from localhost (if local)
  • Regular backup schedule configured
  • Connection pooling configured

Network Configuration

Firewall Rules

1

Configure Firewall

Allow only necessary ports:
  • Port 80 (HTTP - redirects to HTTPS)
  • Port 443 (HTTPS)
  • Port 22 (SSH - restrict to your IP)
  • Port 2022 (SFTP - for file transfers)
  • Port 8080 (Daemon API - if applicable)
  • Block all other incoming ports
2

Docker Networks

  • stellar_network created for services
  • stellar created for game servers (172.18.0.0/16)
  • Network isolation configured

nginx Configuration

1

Reverse Proxy Setup

  • nginx configurations created for all services
  • Symlinks in /etc/nginx/sites-enabled/
  • client_max_body_size set (100M default)
  • WebSocket support configured
  • Proxy headers configured correctly
  • nginx syntax validated (nginx -t)
  • nginx reloaded
2

Rate Limiting

Configure nginx rate limiting:
  • Limit requests to API endpoints
  • Protect against brute force attacks
  • Configure reasonable limits for your use case

Deployment

Docker Containers

1

Deploy Services

  • Docker Compose file configured
  • Environment variables loaded
  • Containers started (docker-compose up -d)
  • All containers running (docker-compose ps)
  • Health checks passing
  • No errors in logs (docker-compose logs)
2

Database Setup

  • Database migrations run (pnpm db:push)
  • Prisma client generated (pnpm db:generate)
  • Admin user created (pnpm db:seed)
  • Database connection verified

Service Verification

1

Panel Access

  • Panel accessible at https://panel.example.com
  • No SSL certificate errors
  • Login page loads correctly
  • Can log in with admin credentials
  • Dashboard displays properly
2

API Access

  • API accessible at https://api.example.com
  • Health check endpoint responds
  • WebSocket connection successful
  • No CORS errors in browser console
3

Daemon Connection (if applicable)

  • Daemon service running
  • Daemon connected to API
  • Node visible in panel
  • Can create test server
  • Game server containers start successfully

Monitoring & Maintenance

Logging

1

Log Configuration

  • Application logs configured
  • nginx access/error logs enabled
  • Docker logs accessible (docker-compose logs)
  • Log rotation configured
  • Disk space monitoring for logs
2

Monitoring Stack (Optional)

  • Prometheus collecting metrics
  • Loki aggregating logs
  • Grafana dashboards configured
  • Monitoring domain accessible
  • Alerts configured for critical issues

Backups

1

Backup Strategy

  • Database backup schedule configured
  • Automated daily backups
  • Backup retention policy defined
  • Backups stored off-site or separate volume
  • Backup restoration tested
  • .env file backed up securely

Updates

1

Update Procedure

  • Update procedure documented
  • Backup before updates
  • Test updates in staging environment
  • Monitor for new releases
  • Security patches applied promptly

Performance Optimization

Database Optimization

1

PostgreSQL Tuning

  • Connection pool size optimized
  • Database indexes reviewed
  • Query performance monitored
  • Vacuum and analyze scheduled

Caching

1

Redis Configuration

  • Redis running and accessible
  • Redis persistence configured (appendonly yes)
  • Memory limits set appropriately
  • Cache hit rate monitored

Operational Readiness

Documentation

1

Internal Documentation

  • Server credentials documented securely
  • Deployment procedure documented
  • Rollback procedure documented
  • Emergency contacts listed
  • Runbook for common issues

Testing

1

Functionality Testing

  • User registration works
  • Login/logout works
  • OAuth providers work (if enabled)
  • Server creation works
  • Console WebSocket works
  • File manager works
  • Backups can be created and restored
  • Subuser invites work
  • Permissions are enforced
2

Performance Testing

  • Load testing completed
  • Response times acceptable
  • WebSocket performance acceptable
  • No memory leaks observed

Post-Deployment

Monitoring

1

Active Monitoring

  • Monitor container health
  • Watch for errors in logs
  • Monitor disk usage
  • Monitor CPU and memory usage
  • Set up alerting for critical issues

User Onboarding

1

First Users

  • Admin account secured (strong password + 2FA)
  • Initial users invited
  • User documentation provided
  • Support channels established

Security Checklist

Critical Security Items - Do not skip these steps!
  • All secrets are unique and randomly generated
  • Default passwords changed
  • SSL/TLS enabled for all domains
  • Firewall configured and enabled
  • SSH key-based authentication only
  • Regular security updates enabled
  • .env file secured (chmod 600)
  • Database access restricted
  • Backups encrypted and secured
  • Rate limiting enabled
  • CSRF protection enabled
  • Security headers configured

Common Issues

Database Connection Errors

Symptoms: API can’t connect to PostgreSQL

Solutions:
  • Verify DATABASE_URL is correct
  • Check PostgreSQL container is running
  • Verify network connectivity between containers
  • Check PostgreSQL logs for errors

SSL Certificate Issues

Symptoms: Certificate errors in browser

Solutions:
  • Verify DNS points to server
  • Regenerate certificates with Certbot
  • Check nginx configuration syntax
  • Verify certificate files exist and are readable

WebSocket Connection Failures

Symptoms: Console not updating, “Connection failed” errors

Solutions:
  • Verify nginx WebSocket proxy configuration
  • Check for reverse proxy timeout settings
  • Ensure firewall allows WebSocket connections
  • Verify API_URL uses https:// (not http://)

Container Restarts

Symptoms: Containers constantly restarting

Solutions:
  • Check logs: docker-compose logs <service>
  • Verify environment variables are set
  • Check for port conflicts
  • Verify dependencies are running (database, redis)

Next Steps

After completing this checklist:

Environment Variables

Review all configuration options

Self-Hosting Overview

Learn about deployment options
Keep this checklist handy for future deployments and updates.
