Going to production checklist
Use this checklist to help you set up a production environment on Fly.io.
Important: The checklist is not exhaustive and does not guarantee production-readiness for your app. Apps can have unique requirements for production depending on the framework and type of app. Some items won’t be applicable and there may be other considerations not listed here; you’ll need to decide which checklist items work for your app.
Security
-
Set up single sign-on for organizations
-
Enable SSO on your organization to take advantage of Google or GitHub authentication security. See Single sign-on for organizations.
-
Isolate staging and production environments
-
Use organizations to limit access to your production environment. See Blueprint: Staging and production isolation.
-
Enforce least privilege access
-
Use access tokens to allow only the minimum access required by team members to your organization, apps, and Machines. See access tokens.
-
Protect sensitive information
-
Set secrets to store sensitive data and make them available as environment variables to your app. See Secrets and Fly Apps.
-
Make sure private services are not exposed
-
Check that your private apps with services don’t have public IP addresses. Run
fly ips list
and usefly ips release
to release unnecessary public IPs. See flyctlfly ips
commands. Assign private apps a Flycast address instead. -
Use Arcjet application security for JavaScript apps
-
Secure your app with rate limiting, bot protection, email validation, and defense against common attacks through our extension partner Arcjet. Currently free in beta, but pricing is subject to change. See Application Security by Arcjet.
Networking
-
Set up a custom domain
-
Configure a certificate for your domain. See Use a custom domain.
-
Consider a dedicated IPv4 address
-
Completely eliminate the chance of blacklisted spammers causing problems for your app. There is a small added cost for dedicated IPv4 addresses. See Dedicated IPv4.
-
Set up Flycast for private apps
-
If you haven’t already done so, give your private apps a Flycast address to communicate with them entirely on your private network. See Flycast - Private Fly Proxy services.
Databases
-
Run “production-grade” Postgres
-
For Fly Postgres, our unmanaged database, set up replication clusters of 3+ servers. See High Availability & Global Replication. You can also use an external database provider and configure it for redundancy.
-
Periodically test your Fly Postgres backups
-
Periodically create a new Postgres app from a snapshot or clone the active app, then use
fly postgres connect
to log into the database and confirm that all the data is present. -
Set up offsite backups
-
For all databases, it’s essential to have a recovery plan that includes storing backups offsite. You can use volume snapshots as part of your plan, but you should also store copies of your backups in another location. See Manage volume snapshots and, for Fly Postgres, Backup, Restores, & Snapshots.
Monitoring
-
Export your logs
-
Set up the Fly Log Shipper to aggregate your app’s logs to a service of your choice. See Export logs.
-
Monitor your app with fully-managed metrics
-
Use managed Prometheus and the Grafana dashboard to monitor your app. See Metrics on Fly.io.
-
Use Sentry for Error tracking
-
An application monitoring platform that helps you identify and fix software problems before they impact your users from our extension partner Sentry.Fly.io organizations get a year’s worth of Team Plan credits. See Application Monitoring by Sentry.
Availability, resiliency, and costs
-
Use multiple Machines for resiliency
-
Make your app resilient to single-host failures with multiple Machines that stay stopped until you need them. See Blueprint: Resilient apps use multiple Machines.
-
Scale your app into more regions
-
Scale your app in multiple regions closest to your app’s users. See Scale an app’s regions.
-
Use autostop/autostart to reduce costs
-
Autostop/autostart lets you stop or suspend Machines when there’s low traffic, saving on resource usage and costs. You get autostop/autostart by default with a new app, but you can configure it to optimize for your use case. See Autostop/autostart Machines.
-
Set up autoscaling by metric to reduce costs
-
For apps that aren’t running web services, use the autoscaler app to scale your app’s Machines based on any metric, saving on resource usage and costs. See Autoscale based on metrics.
App performance
-
Get Machine sizing right
-
Most production apps require 2x or performance CPUs. Also make sure you have enough RAM for your app and/or enable swapping to disk to deal with brief spikes in memory use. See Machine sizing.
-
Fine-tune your app
-
Learn about optimizing your app on Fly.io. See Tips to fine-tune your app on Fly.io.
CI/CD
-
Generate review apps with GitHub Actions
-
Automatically generate ephemeral review apps on Fly.io for each pull request (PR) using GitHub Actions. See Blueprint: Git Branch Preview Environments on GitHub.
-
Deploy with GitHub Actions
-
Set up your app for continuous deployment to Fly.io from the app’s GitHub repository. See Continuous Deployment with Fly.io and GitHub Actions.