Use this checklist to ensure a smooth deployment of the HazeBot web interface and API.
- Changed default API admin password (
API_ADMIN_PASS) - Generated strong API secret key (
API_SECRET_KEY) - Set
API_DEBUG=falsein production - Reviewed all environment variables in
.env - Removed any test/debug credentials
- Installed all API dependencies:
pip install -r api_requirements.txt - Tested API locally:
python api/app.py - Verified health endpoint:
curl http://localhost:5000/api/health - Tested authentication:
curl -X POST http://localhost:5000/api/auth/login ... - Confirmed all endpoints work
- Updated API base URL in
lib/services/api_service.dart - Tested web build:
flutter build web - Tested Android build (if needed):
flutter build apk - Verified login works with production credentials
- Server has Python 3.9+ installed
- Created dedicated user for the application
- Set up virtual environment:
python -m venv venv - Installed dependencies in venv
- Configured firewall rules (allow API port)
- Installed production WSGI server (gunicorn/uwsgi)
- Created systemd service file (or equivalent)
- Configured reverse proxy (nginx/apache)
- Set up SSL/TLS certificate (Let's Encrypt)
- Tested HTTPS access
- Configured automatic startup
- Set up logging
- Built production web bundle:
flutter build web --release - Deployed to static hosting (or served via nginx)
- Configured correct API URL
- Tested HTTPS access
- Verified CORS works
- Created keystore for signing
- Configured signing in
android/app/build.gradle - Built signed APK/bundle:
flutter build appbundle --release - Tested on physical device
- Uploaded to Play Store (or distributed APK)
- Can access web interface via HTTPS
- Login works with production credentials
- Can view bot configuration
- Can update configuration
- Changes persist after API restart
- Error messages are appropriate (no stack traces)
- Mobile/responsive layout works
- Set up log monitoring
- Configured error alerting
- Set up uptime monitoring
- Verified backup strategy
- Updated team documentation with access URLs
- Documented credentials location (secure)
- Created runbook for common issues
- Informed relevant team members
- Firewall configured (only necessary ports open)
- Rate limiting configured (recommended)
- HTTPS only (no HTTP)
- Strong password policy enforced
- Regular security updates scheduled
- Logs reviewed regularly
- Fail2ban or similar configured (optional)
- JWT secret is strong and random
- Tokens expire appropriately
- Input validation working
- No sensitive data in logs
- Error messages don't leak information
- SSH key-only authentication
- Updated system packages
- Disabled root login
- Configured automatic security updates
- Set up backup strategy
- Tested backup restore process
- Weekly: Review logs for errors
- Monthly: Check for dependency updates
- Monthly: Verify backups are working
- Quarterly: Security audit
- Quarterly: Review and rotate credentials
- Test updates in staging environment
- Create backup before updates
- Update dependencies:
pip install -U -r api_requirements.txt - Update Flutter:
flutter upgrade - Rebuild and redeploy
- Verify everything works
In case of issues:
- Have previous version backed up
- Document rollback steps
- Test rollback procedure
- Keep old credentials available
- Admin: _________________
- Developer: _________________
- Server host support: _________________
Deployment date: _______________ Deployed by: _______________ Server: _______________ URL: _______________
Additional notes:
cd api
python app.pygunicorn -w 4 -b 0.0.0.0:5000 api.app:appcd hazebot_admin
flutter build web --releasecd hazebot_admin
flutter build apk --releasecurl https://your-domain.com/api/health# Systemd service
journalctl -u hazebot-api -f
# Direct logs
tail -f /var/log/hazebot-api.logsudo systemctl restart hazebot-apiSecurity Reminder: Never commit credentials to version control!