Production Readiness Checklist
Yes, KeystoneJS can be (and is!) used for production websites. Here's a handy list of tips for using KeystoneJS with real workloads:
In production builds, KeystoneJS' secureCookies defaults to true. Make sure your server is HTTPS-enabled when secureCookies is enabled or you will be unable to log in.
Make sure the production deployment sets a long, unguessable value for KeystoneJS'
A randomly generated value is suitable (but keep it secret):
openssl rand -hex 32
Sessions are stored inside the KeystoneJS app by default, but in production it's recommended to store them in an external server such as Redis instead. You can use any of the stores that work with express session. The advantages of using an external server are that:
- You can restart your app for upgrades without breaking sessions
- You can replicate your KeystoneJS app for availability, while keeping sessions consistent
This option can be set in the
Configure access control to limit who can do what with your data.
NB: If you're using a third-party hosted environment, you might already be using a reverse proxy, but Keystone will need to be configured for it.
Don't forget to set the NODE_ENV environment variable to production when running. Many npm libraries check this to enable production mode.
NODE_ENV=production keystone start
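The cookie, secret, session store and NODE_ENV items above can be checked once at startup so a misconfigured deployment refuses to boot. This is an added example, not KeystoneJS code; the COOKIE_SECRET and PUBLIC_URL variable names and the sessionStore field are assumptions made for the example.

```javascript
// Added example: fail-fast preflight for the checklist items above.
// COOKIE_SECRET, PUBLIC_URL and `sessionStore` are assumed names;
// `secureCookies` is the option named in this checklist.
const PLACEHOLDERS = new Set(['secret', 'changeme', 'keyboard cat', 'qwerty']);

function preflight(env, options = {}) {
  const problems = [];
  const production = env.NODE_ENV === 'production';
  if (!production) problems.push('NODE_ENV is not "production"');

  // `openssl rand -hex 32` prints 64 hex characters (256 bits).
  const secret = env.COOKIE_SECRET || '';
  if (secret.length < 64) {
    problems.push(`cookie secret is ${secret.length} chars, expected at least 64`);
  }
  if (PLACEHOLDERS.has(secret.toLowerCase()) || new Set(secret).size < 10) {
    problems.push('cookie secret looks like a placeholder or repeated character');
  }

  // secureCookies defaults to true in production builds.
  const secureCookies = options.secureCookies ?? production;
  const https = (env.PUBLIC_URL || '').startsWith('https://');
  if (secureCookies && !https) {
    problems.push('secureCookies is on but PUBLIC_URL is not https: logins will fail');
  }
  if (production && !secureCookies) {
    problems.push('secureCookies is disabled in production');
  }

  // Without an external store, sessions live inside the app process.
  if (production && !options.sessionStore) {
    problems.push('no external session store: restarts will drop sessions');
  }
  return problems;
}

// Constructed sample values, not real deployment secrets or hosts.
const SAMPLE_SECRET = ['4b1f9c27e05a8d36', 'a7d2038c5e914fb6',
  '0e6b83f1d4a7295c', 'f13a6c0928be57d4'].join('');
const weak = preflight(
  { NODE_ENV: 'production', COOKIE_SECRET: 'changeme', PUBLIC_URL: 'http://cms.example' });
const good = preflight(
  { NODE_ENV: 'production', COOKIE_SECRET: SAMPLE_SECRET, PUBLIC_URL: 'https://cms.example' },
  { sessionStore: {} });
console.log({ weak, good });
```

Call preflight(process.env, yourOptions) before starting the server and exit with a non-zero status if the returned list is not empty.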
If you care about your app, you'll want to know if something bad happens to it. There are many uptime monitoring service providers who'll regularly ping your app and notify you if it stops working.