# Production Checklist

Complete checklist before launching CloudPOS to production.

# Pre-Launch Checklist

# Domain & SSL

  • [ ] Domain name configured and pointing to server
  • [ ] SSL certificate installed (Let's Encrypt recommended)
  • [ ] HTTPS working (no mixed content warnings)
  • [ ] SSL auto-renewal configured
  • [ ] Test all URLs:
    • [ ] https://yourdomain.com (frontend)
    • [ ] https://yourdomain.com/api (API)
    • [ ] https://yourdomain.com/admin (admin panel)

# Environment Configuration

  • [ ] .env file configured with production values
  • [ ] NODE_ENV=production
  • [ ] DEMO_MODE=false
  • [ ] Strong JWT secrets generated (32+ characters)
  • [ ] Strong encryption key generated
  • [ ] Database credentials secure (not root user)
  • [ ] CORS_ORIGIN set to production domain
  • [ ] FRONTEND_URL set to production domain
  • [ ] VITE_API_URL set to production API URL
  • [ ] .env file permissions: chmod 600 .env
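
The items above can be checked mechanically before launch. The script below is an added example, not part of CloudPOS; `JWT_SECRET` is an assumed variable name, and requiring `https://` on the three URL variables is an assumption based on the HTTPS items in this checklist.

```shell
#!/bin/sh
# audit_env FILE: print each failed check, return the number of failures.
# JWT_SECRET is an assumed key name; the other keys come from the checklist.
audit_env() {
    file=$1; fails=0
    fail() { echo "FAIL: $1"; fails=$((fails + 1)); }
    # Value of KEY (last definition wins), surrounding quotes stripped.
    get() { sed -n "s/^$1=//p" "$file" | tail -n 1 | sed -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"; }

    # chmod 600 means owner read/write only
    mode=$(ls -ld "$file" | cut -c1-10)
    [ "$mode" = "-rw-------" ] || fail "permissions are $mode, expected -rw-------"
    [ "$(get NODE_ENV)" = "production" ] || fail "NODE_ENV is not production"
    [ "$(get DEMO_MODE)" = "false" ] || fail "DEMO_MODE is not false"
    secret=$(get JWT_SECRET)
    [ "${#secret}" -ge 32 ] || fail "JWT_SECRET is shorter than 32 characters"
    # A wildcard or plain-http origin fails here; so does a leftover dev URL.
    for key in CORS_ORIGIN FRONTEND_URL VITE_API_URL; do
        case "$(get "$key")" in
            https://*localhost*|https://127.*) fail "$key points at localhost" ;;
            https://*) ;;
            *) fail "$key is not an https:// URL" ;;
        esac
    done
    return "$fails"
}

# Constructed sample file, not a real CloudPOS .env
demo=$(mktemp)
cat > "$demo" <<'EOF'
NODE_ENV=production
DEMO_MODE=true
JWT_SECRET=changeme
CORS_ORIGIN=*
FRONTEND_URL=https://yourdomain.com
VITE_API_URL=https://yourdomain.com/api
EOF
chmod 600 "$demo"
audit_env "$demo" || echo "$? check(s) failed"
rm -f "$demo"
```
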

# Database

  • [ ] Database created with correct charset and collation (utf8mb4, utf8mb4_unicode_ci)
  • [ ] Dedicated database user created (not root)
  • [ ] Database user has proper privileges
  • [ ] Migrations run successfully
  • [ ] Admin user created
  • [ ] Default passwords changed
  • [ ] Database backup configured (daily automated)
  • [ ] Test backup restore procedure

# Application Build

  • [ ] Server built: cd server && npm run build
  • [ ] Client built: cd client && npm run build
  • [ ] Build outputs verified (no errors)
  • [ ] Static files in correct location (client/dist/)
  • [ ] Upload directory exists and writable

# Server Configuration

  • [ ] PM2 configured and running
  • [ ] PM2 startup script configured
  • [ ] Nginx configured correctly
  • [ ] Nginx test passed: sudo nginx -t
  • [ ] Firewall configured (only 80, 443, 22 open)
  • [ ] File permissions set correctly
  • [ ] Log directories exist and writable

# Payment Gateway (If Using)

  • [ ] Stripe account created
  • [ ] Live API keys configured (not test keys)
  • [ ] Payment gateway active in Admin Panel
  • [ ] Test mode disabled
  • [ ] Webhook endpoint configured
  • [ ] Production webhook secret added
  • [ ] Webhook events selected:
    • [ ] checkout.session.completed
    • [ ] customer.subscription.created
    • [ ] customer.subscription.updated
    • [ ] customer.subscription.deleted
    • [ ] invoice.payment_succeeded
    • [ ] invoice.payment_failed
  • [ ] Test payment with real card (small amount)
  • [ ] Verify webhook events received
  • [ ] Plan Price IDs configured in Admin Panel

# Email Configuration

  • [ ] SMTP configured in Admin Panel
  • [ ] Test email sent successfully
  • [ ] From email/name configured
  • [ ] Email templates reviewed
  • [ ] SPF record configured (if using custom domain)
  • [ ] DKIM configured (if using custom domain)

# Security

  • [ ] All default passwords changed
  • [ ] Strong passwords for all admin users
  • [ ] JWT secrets are strong and unique
  • [ ] Encryption key is strong and unique
  • [ ] Demo mode disabled
  • [ ] CORS properly configured
  • [ ] File upload restrictions in place
  • [ ] Rate limiting enabled
  • [ ] SSL/HTTPS enforced
  • [ ] Security headers configured (Nginx)
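
To verify the "SSL/HTTPS enforced" and "Security headers configured (Nginx)" items from a live response, pipe `curl -sI https://yourdomain.com` into a check like the one below. It is an added example, not part of CloudPOS; the set of headers and the 180-day HSTS floor are assumptions, since this checklist does not name specific headers.

```shell
#!/bin/sh
# check_headers: read response headers (curl -sI output) on stdin,
# print one line per problem, return the number of problems.
# Header set and the 180-day HSTS floor are assumptions, not CloudPOS requirements.
check_headers() {
    hdrs=$(tr -d '\r' | tr 'A-Z' 'a-z')   # drop CRs, match case-insensitively
    problems=0
    bad() { echo "MISSING/WEAK: $1"; problems=$((problems + 1)); }
    value() { printf '%s\n' "$hdrs" | sed -n "s/^$1:[[:space:]]*//p" | sed 's/[[:space:]]*$//' | tail -n 1; }

    hsts=$(value strict-transport-security)
    age=$(printf '%s' "$hsts" | sed -n 's/.*max-age=\([0-9][0-9]*\).*/\1/p')
    if [ -z "$hsts" ]; then
        bad "Strict-Transport-Security"
    elif [ "${age:-0}" -lt 15552000 ]; then
        bad "Strict-Transport-Security max-age below 180 days"
    fi
    [ "$(value x-content-type-options)" = "nosniff" ] || bad "X-Content-Type-Options: nosniff"

    # Framing protection: X-Frame-Options or a CSP frame-ancestors directive
    csp=$(value content-security-policy)
    if [ -z "$(value x-frame-options)" ]; then
        case "$csp" in *frame-ancestors*) ;; *) bad "X-Frame-Options or CSP frame-ancestors" ;; esac
    fi
    [ -n "$csp" ] || bad "Content-Security-Policy"

    # Version disclosure such as "server: nginx/1.24.0" (fixed by server_tokens off)
    case "$(value server)" in */[0-9]*) bad "Server header discloses a version" ;; esac
    return "$problems"
}

# Constructed sample response, not captured from a real server
sample='HTTP/2 200
server: nginx/1.24.0
content-type: text/html
strict-transport-security: max-age=300
x-content-type-options: nosniff
'
printf '%s' "$sample" | check_headers || echo "$? problem(s) found"
```
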

# Admin Panel

  • [ ] Admin user can login
  • [ ] System settings configured:
    • [ ] System name
    • [ ] Default timezone
    • [ ] Default currency
    • [ ] Default language
  • [ ] Subscription plans created
  • [ ] Plan limits configured
  • [ ] Stripe Price IDs added to plans
  • [ ] Payment gateway configured
  • [ ] Email settings configured
  • [ ] Branding configured (logos, favicons)

# Testing Checklist

# Basic Functionality

  • [ ] Frontend loads: https://yourdomain.com
  • [ ] API responds: https://yourdomain.com/api
  • [ ] Admin panel loads: https://yourdomain.com/admin/login
  • [ ] No console errors: Check browser console
  • [ ] No 404 errors: Check Network tab

# Authentication

  • [ ] Admin login works: Login to admin panel
  • [ ] Tenant registration works: Register new tenant
  • [ ] Tenant login works: Login as tenant
  • [ ] Password reset works: Request and reset password
  • [ ] Email verification works (if enabled)

# Tenant Management

  • [ ] Create tenant: Via admin panel
  • [ ] View tenants: List all tenants
  • [ ] Edit tenant: Update tenant details
  • [ ] Suspend tenant: Suspend and reactivate

# Subscription Flow

  • [ ] View plans: Tenant can see available plans
  • [ ] Select plan: Tenant can select a plan
  • [ ] Complete payment: Stripe checkout works
  • [ ] Plan assigned: Plan automatically assigned after payment
  • [ ] Access granted: Tenant can access system after subscription
  • [ ] Plan limits enforced: Test creating resource beyond limit

# Payment Gateway

  • [ ] Test payment: Complete test payment
  • [ ] Webhook received: Check Stripe Dashboard for webhook events
  • [ ] Subscription created: Verify subscription in database
  • [ ] Payment history: View payment in Admin Panel
  • [ ] Customer portal: Test Stripe customer portal access

# Email Notifications

  • [ ] Test email sent: Send test email from Admin Panel
  • [ ] Email received: Check inbox (and spam)
  • [ ] Email templates: Verify templates are correct
  • [ ] Registration email: Test tenant registration email
  • [ ] Password reset email: Test password reset email

# Demo Mode

  • [ ] Demo mode disabled: Verify DEMO_MODE=false
  • [ ] Changes allowed: Can create/update/delete
  • [ ] No demo errors: No "Demo mode enabled" messages

# Admin Role Access

  • [ ] Super Admin: Full access verified
  • [ ] Admin: Limited access verified
  • [ ] Finance: Finance-only access verified

# Performance Checklist

  • [ ] Page load time: < 3 seconds
  • [ ] API response time: < 500ms average
  • [ ] Database queries: Optimized (check slow query log)
  • [ ] Static assets cached: Verify cache headers
  • [ ] Image optimization: Images compressed
  • [ ] CDN configured (if using CDN)

# Monitoring Checklist

  • [ ] Error logging: PM2 logs configured
  • [ ] Access logging: Nginx access logs enabled
  • [ ] Database monitoring: Monitor database size/performance
  • [ ] Uptime monitoring: Set up uptime monitoring (optional)
  • [ ] Backup monitoring: Verify backups are running

# Documentation

  • [ ] Admin credentials documented: Store securely
  • [ ] Database credentials documented: Store securely
  • [ ] API keys documented: Store securely
  • [ ] Backup procedure documented
  • [ ] Recovery procedure documented

# Post-Launch

# First 24 Hours

  • [ ] Monitor error logs
  • [ ] Check webhook delivery (Stripe)
  • [ ] Verify email delivery
  • [ ] Test all critical flows
  • [ ] Monitor server resources (CPU, RAM, disk)

# First Week

  • [ ] Review access logs
  • [ ] Check for security issues
  • [ ] Monitor subscription signups
  • [ ] Verify payment processing
  • [ ] Test backup restore

# Ongoing

  • [ ] Weekly backup verification
  • [ ] Monthly security review
  • [ ] Quarterly dependency updates
  • [ ] Monitor server performance
  • [ ] Review and rotate secrets (90 days)

# Quick Verification Commands

    # Check services
    pm2 status
    sudo systemctl status nginx
    sudo systemctl status mysql

    # Check logs
    pm2 logs cloudpos --lines 50

    # Test API
    curl https://yourdomain.com/api

    # Test database (database name cloudpos, as in the restore command under Rollback Plan)
    mysql -u cloudpos -p cloudpos -e "SELECT COUNT(*) FROM tenants"

    # Check SSL (response headers over HTTPS)
    curl -I https://yourdomain.com

    # Check file permissions (.env should show -rw-------)
    ls -la .env
    ls -la server/uploads

# Rollback Plan

If something goes wrong:

  1. Stop application:

    pm2 stop cloudpos
    
  2. Restore database (if needed):

    mysql -u cloudpos -p cloudpos < backup_YYYYMMDD.sql
    
  3. Revert code (if using Git):

    git checkout previous-version
    npm install
    npm run build
    pm2 restart cloudpos
    
  4. Check logs:

    pm2 logs cloudpos
    tail -f /var/log/nginx/error.log
    

# Support Resources

  • Documentation: This guide
  • Logs: pm2 logs cloudpos
  • Stripe Dashboard: https://dashboard.stripe.com
  • Server Monitoring: Check server resources
  • Database: Check database size and performance

Ready to launch? Complete all items above, then monitor closely for the first 24-48 hours.