Skip to main content

Go Live Checklist

System Administrator Checklist

Installation details

ItemValue
CMS and site domain
Database server hostname or IP address and port
Database name
Database administrator username
Database administrator password
SMTP server address
System user
SUExec user
System user password

Server specification checklist

Linux

  • 4CPU
  • 4GB RAM
  • 50GB OS disk
  • 150GB Application disk under /var/www/jadu
  • 50GB Database disk

Windows

  • Server must be at least 1 webserver and 1 database server
  • 60GB disk for OS
  • 150GB disk for Website
  • 50GB disk for Database

Apache

  • Disable SSL v1, v2, v3, TLS1.0
  • SSL Ciphers adjusted to best possible
  • VHost security set as required e.g allow from all (Check with PM to ensure Allow From All is OK)
  • mod_deflate
  • ServerAdmin
  • mod_expires
  • ServerSignature Off
  • ServerTokens Prod
    • Possibly in conf.d/jadu_security.conf
  • ExtendedStatus On
  • DirectoryIndex index.html index.php
    • Make sure that DirectoryIndex has index.php on fcgi installs
  • MaxClients
    • Based on RAM usage default starting point 150 httpd.conf
  • KeepAlive On, KeepAliveTimeout 5
    • httpd.conf
  • MaxKeepAliveRequests
    • 100 Approx 3/4 of max connections
  • Disabled Apache modules
  • Default site (null / blank / redirect page) + healthcheck
  • MaxRequestLen
    • Set in site's vhosts and galaxies template. Should be: 157286400
  • mod_security ConfigMod
  • security should be enabled with exclusions configured. Check an existing site.
  • <Files> wrapper in VHost
    • If not in /etc/httpd/conf.d/fcgi.d, check the site vhost and ensure php-wrapper has <Files> wrapper

PHP

  • user_ini.filename =
  • expose_php = Off
  • session.hash_function = 1
  • session.cookie_httponly = 1
  • session.gc_maxlifetime = 1440
  • mysqli.reconnect = On
  • session.gc_divisor = 100
  • error_reporting = E_ALL & ~E_DEPRECATED & ~E_NOTICE
  • date.timezone = <Timezone the website is primarily serving for>

OS

  • System Time Local (+NTP)
  • SELInux permissive/disabled
  • /etc/security/limits.conf
    • jadu-www soft nproc 100 (+50% the number of fcgi proc's)
    • jadu-www hard nproc 200 (Twice the fcgi proc limit)
  • Local firewall enabled
  • No shell for the CGI web users
  • /etc/aliases root points to admin@jadu.net
  • Edit /etc/crontab and change MAILTO to cron@jadu.net
  • hosts file entries include all even if localhost|jadu-db, jadu-nfs, jadu-memcache
  • hosts file entry for domain name of site because rackspace dns is bad
  • chattr +i|php-wrapper and system.xml? (lsattr)
  • Command logging
  • Check mail server
  • Check if mails work
    • Check if local mailer is configured correctly and email are delivered
  • Check logrotate
    • /etc/logrotate.d/&lt;jadu&#124;sitename&gt;

MySQL

  • slow queries log enabled
    • log over 1 second
  • max_connections
    • default 100 but no more than 10x number of web workers
  • Verify mysql permissions (passwords and hosts defined for every user)

FastCGI

  • MaxProcessCount & FcgidMaxProcesses
    • 4 x cpu's but less than max processes x 35 ram, guide default is 35 (THIRTY FIVE)

Memcache

  • Sessions
    • Are sessions using memcache?
  • Max memory
    • 256 Mb min? approx 1/4 of DB server ram (/etc/sysconfig/memcached)

Statistics

  • Log combiner
    • Is log combination set up?
  • Cron job
    • Does statistics cronjob point at combined log?

External Management:

  • Nagios
  • Off site backups (Country specific)
  • Pingdom

Other:

  • Quick browse of the front end to ensure there are no 404's
  • Quick check of YSlow and PageSpeed for obvious changes
  • Check if Jadu Version is up to date.|Consult with PM if the server needs patching, but this should be easy to resolve.
  • Check disk space utilization
    • Check if there are no left over unnecessary data.
    • Check that remaining space is adequate for the long term

Integration Engineer Go Live Checklist

  • Database find and replace (if temporary domain used during project)
    • From the command line, update license keys and perform a find and replace (dry run and live run):
    • Update the license keys for CMS (licence keys can be obtained from Jadu)
    • CMS License Key: update JaduConstants set value = '<NEW_CMS_LICENSE_KEY>' where name = 'CMS_LICENSE_KEY';
    • Verify results that will be replaced (dry run): php -d include_path=/var/www/jadu/jadu -f /var/www/jadu/public_html/jadu/maintenance/databaseFindReplace.php "&lt;temporary domain&gt;" "&lt;live domain&gt;" "false" "false" "true"
    • Replace results (live run): php -d include_path=/var/www/jadu/jadu -f /var/www/jadu/public_html/jadu/maintenance/databaseFindReplace.php "&lt;temporary domain&gt;" "&lt;live domain&gt;" "true" "false" "true"
    • If needed, the cache can be cleared from the command line via: php /var/www/jadu/cli.php cms:clear-cache
    • Smoke test front end and Control Center
  • Confirm that SSL is installed and configured for Control Center and front end for registration and XForms
    • Ensure JaduConstants for SSL_ENABLED, FORCE_SECURE, FORCE_SECURE_CC and TEST_COOKIE_SECURE_CONNECTION are set to ‘true’
    • If using Jadu Central forms ensure FORCE_SECURE_FORM is set to ‘true’ in config/xfp/constants.xml
  • Google maps API key updated|Update the JaduConstant GOOGLE_MAPS_API_KEY value for the live domain
  • Ensure the front end login process is functional
    • Register and login to front end and ensure the session exists on both https and http. If the http and https domains differ, ensure you have added the session domain to vhosts. For example: php_value session.cookie_domain .<domain>
  • Check metadata, email and messages constants
    • Check the metadata, email and messages constants are correct at /jadu/install/set_constants.php
  • Queue re-scheduler task added
    • Ensure the queue re-scheduler task has been added to the crontab.
  • Queue being processed
    • Navigate to /jadu/utils/scheduled_tasks.php and ensure that all queues are being processed (i.e. they are all empty after submitting a request on the front end that sends an email)
  • Load balanced config files
    • If the site is load balanced, ensure that the XML files in /config match on all nodes. Pay particular attention to the “csrf token” value set.
  • Configure RECAPTCHA (register site at Google RECAPTCHA)
    • Add values for RECAPTCHA_PUBLIC_KEY and RECAPTCHA_PRIVATE_KEY at /jadu/install/set_constants.php and clear JaduConstants cache