Laravel Production Deployment Checklist

Q: How do I optimize Laravel for production?

Run these Artisan commands: php artisan config:cache, php artisan route:cache, php artisan view:cache, and php artisan optimize. Use Redis for cache and sessions. Enable OPcache in PHP. Set up proper database indexes and consider query caching for heavy read operations.

Why This Checklist Exists

We've deployed over 50 Laravel applications to production. Every missed checkbox has cost us — a forgotten APP_DEBUG=true that exposed stack traces, a missing queue worker that silently dropped jobs, a backup that wasn't actually running.

This checklist is the result of those lessons. We use it on every single launch — no exceptions. Now you can use it too.

Pro tip:

Don't just read this — use the checkboxes. Go through it step by step before every deployment. The checkboxes save to your browser so you can track progress.

Pre-Launch: Project Assessment

Answer these questions before starting the checklist. They determine which sections apply to your project.

Is this HIPAA-compliant?	Affects: Security section, audit logging
Does it have payment processing?	Affects: Stripe/gateway verification
Does it need queue workers?	Affects: Forge worker configuration
Does it have scheduled tasks (cron)?	Affects: Forge scheduler
Does it handle file uploads?	Affects: Storage configuration, S3
Expected traffic level?	Affects: Droplet sizing, caching
Does it send transactional emails?	Affects: Email provider setup

1. Infrastructure (DigitalOcean)

Server provisioning and baseline infrastructure setup.

Droplet Setup

Droplet created with appropriate size
Basic MVP: 2GB RAM / 1 vCPU ($12/mo) • Standard: 4GB / 2 vCPU ($24/mo) • High-traffic: 8GB / 4 vCPU ($48/mo)
Region selected closest to primary users
US clients: NYC1, NYC3, or SFO3 • EU clients: AMS3 or FRA1
Backups enabled — Weekly minimum. Cost: 20% of droplet price
CRITICAL: Verify backups are actually running, not just enabled
Firewall configured
SSH (22): restricted to team IPs • HTTP (80): open • HTTPS (443): open • MySQL (3306): blocked externally
Monitoring enabled (DigitalOcean monitoring)
CPU alerts > 80% • Memory alerts > 85% • Disk alerts > 90%
SSH keys added for team members who need access

2. Laravel Forge Setup

Site configuration, deployment scripts, and worker processes.

Site Configuration

Server provisioned in Forge and connected to DigitalOcean
Site created with correct domain, root set to /public
Repository connected — Branch: main or production
Auto-deploy: Off (manual deploys recommended for production)
PHP version set — PHP 8.2 or 8.3 (match local dev environment)
SSL certificate installed — Let's Encrypt with auto-renewal verified

Deploy Script

Deploy script configured and tested

cd /home/forge/your-site.com
git pull origin $FORGE_SITE_BRANCH

$FORGE_COMPOSER install --no-dev --no-interaction --prefer-dist --optimize-autoloader

( flock -w 10 9 || exit 1
    echo 'Restarting FPM...'; sudo -S service $FORGE_PHP_FPM reload ) 9>/tmp/fpmlock

if [ -f artisan ]; then
    $FORGE_PHP artisan migrate --force
    $FORGE_PHP artisan config:cache
    $FORGE_PHP artisan route:cache
    $FORGE_PHP artisan view:cache
    $FORGE_PHP artisan storage:link
fi

Queue Workers (if needed)

Queue connection configured (Redis recommended)
Horizon installed (for advanced queue monitoring)
Workers configured in Forge
Connection: redis • Queue: default • Processes: 2-4 • Timeout: 60-300 • Tries: 3
Workers started and verified running
Failed jobs table exists (php artisan queue:failed-table)

Scheduler (if needed)

Forge scheduler enabled for this site
Cron jobs verified in app/Console/Kernel.php
Test run scheduler manually to verify it works

3. Database

Database setup, backups, and security hardening.

4. Application Configuration

Laravel optimization and storage setup.

Laravel Production Settings

Config cached (php artisan config:cache)
Routes cached (php artisan route:cache)
Views cached (php artisan view:cache)
Storage linked (php artisan storage:link)
Optimized (php artisan optimize)

Storage & Caching

Storage directory permissions correct (775)
File uploads working (if applicable) — Local or S3?
Cache driver configured (Redis recommended for production)
Session driver configured (Redis or database)

5. Third-Party Services

Error monitoring, analytics, email, and payments.

6. Security

Baseline security and access controls.

Baseline Security

HTTPS enforced (redirect HTTP → HTTPS)
HSTS header enabled (Strict-Transport-Security)
APP_DEBUG = false — VERIFY AGAIN
No .env exposed — Test: visit yourdomain.com/.env
No debug routes exposed (/telescope, /horizon without auth)

Access Control

Admin routes protected
Rate limiting enabled on auth routes
CORS configured correctly (if API)
CSRF protection enabled

7. DNS & Domain

DNS records pointed correctly — A record → Droplet IP
DNS propagation complete (check with dnschecker.org)
SSL working on final domain
Old domain redirects configured (if migrating)

8. Pre-Launch Testing

Smoke tests before going live.

9. Launch Day

10. Post-Launch

First Hour

Monitor Sentry for any errors
Monitor server resources (CPU, RAM, disk)
Check queue workers processing jobs
Verify scheduled tasks running

First 24 Hours

First backup completed and verified
Real user activity observed (analytics)
Any errors addressed

Quick Reference: Common Commands

SSH Access

ssh forge@your-server-ip
cd /home/forge/your-site.com

Clear All Caches

php artisan cache:clear
php artisan config:clear
php artisan route:clear
php artisan view:clear

Rebuild Caches

php artisan config:cache
php artisan route:cache
php artisan view:cache

Debugging

# View logs
tail -f storage/logs/laravel.log

# Run migrations
php artisan migrate --force

# Restart queue workers
php artisan queue:restart

# Check queue status
php artisan queue:work --once

Frequently Asked Questions

What should I check before deploying Laravel to production?

Key items include: APP_DEBUG=false, APP_ENV=production, proper database credentials, SSL certificate installed, cache configuration optimized (config:cache, route:cache, view:cache), error monitoring (Sentry) configured, and database backups scheduled.

What's the best way to deploy Laravel applications?

Laravel Forge is the recommended deployment platform for Laravel apps. It handles server provisioning, SSL certificates, deployments, queue workers, and scheduled tasks. For larger applications, consider Laravel Vapor (serverless) or custom CI/CD pipelines with GitHub Actions.

How do I optimize Laravel for production?

Run these Artisan commands: php artisan config:cache, php artisan route:cache, php artisan view:cache, and php artisan optimize. Use Redis for cache and sessions. Enable OPcache in PHP. Set up proper database indexes and consider query caching for heavy read operations.

What security measures are essential for Laravel in production?

Essential security measures: HTTPS with valid SSL, APP_DEBUG=false, rate limiting on auth routes, CSRF protection enabled, secure session configuration, no .env file accessible via web, and IP-restricted database access. For sensitive apps, add audit logging and consider WAF protection.

How do I set up Laravel queue workers in production?

Use Laravel Forge or Supervisor to manage queue workers. Configure multiple workers based on load (typically 2-4 for standard apps). Set appropriate timeout values, retry attempts, and implement failed job handling. Use Redis as the queue driver for best performance.

Need Help With Your Laravel Deployment?

We've deployed 50+ Laravel applications to production. If you need help with infrastructure setup, security hardening, or performance optimization — we can help.

Schedule Free Review View Our Services