Ruby on Rails: 5 Checks to Make Before Launching Your App
Launching your app into production is a huge step, and there are often lots of different things you need to set up to ensure not only that the deployment works as expected, but also that your app continues to run smoothly once it is running in production.
Here are five things I like to check prior to deploying a Ruby on Rails app:
1. Customise the pages your users shouldn’t really see
It’s inevitable that at some point, your app will throw an error page - be it a server issue (500) or even a missing page. Rails provides some basic templates for these pages, but they aren’t very useful to users.
Instead, you should customise the
public/500.html pages to provide some useful feedback to site users, and even an escape route (such as a link to your homepage or site search) to help them resolve their issue.
2. Ensure the app enforces an encrypted connection
With the arrival of LetsEncrypt, there really is no excuse not to use an SSL certificate for your apps now. Even the most basic sites benefit from the security that an SSL certificate provides to its users.
You can enforce SSL easily across your app by setting in your environment configuration file:
# config/environments/production.rb # ... config.force_ssl = true
3. Don’t leak database details through your URLs
The default behaviour of Rails routing is to use database ID fields for URLs. For example, to edit a user’s account, the URL might be
yourapp.com/users/5/edit. Using the database fields in this way could potentially leak data from your application, and offer a potential security vulnerability in your application if (for example) an authorization check is not correctly carried out on the action.
An easy workaround is to use a separate, auto-generated UUID field on your model, and override the model’s
class User < ApplicationRecord has_secure_token :uuid # Ideally, add a UNIQUE index to this field on your database def to_param self.uuid end end
Alternatively, a more complete approach is to use the excellent FriendlyId gem to take care of this easily. FriendlyID also gives you the benefit of being able to generate URL-friendly slugs for your model, and redirections should they change.
4. Check for Availability
Once your app is up and running, you want to make sure it stays that way! This means monitoring the various parts that make up your app. Thankfully, there are a number of services to make this task easy.
For example, StatusCake and Pingdom perfor regular checks on your website, and can even be configured to ensure that the response includes a particular string of text (e.g. “Welcome to my App”). This helps to ensure not only that your app is responding correctly, but that (for example) users are not seeing unexpected content (such as a directory listing!)
5. Automate your Deployment
Automating your configuration and deployment is one of the best steps you can take to keeping your app stable in production. CI/CD automation tools can be configured to perform a number of checks on your code both during and after the deployment to ensure that everything has gone smoothly.
By setting this up once, you can be far more confident about the state of your application and its services every time you make a change. There are a number of CI / CD tools available, and the best one for you will depend on your particular setup.
Get the 30-Step Pre-Launch Checklist for Healthy Rails Apps
These are just 5 things you should check as part of your app’s launch into production, but there are plenty more!
To help you out, I’ve put together a handy reference worksheet that includes 30-step checklist to step through when preparing your app. You can download the checklist using the form below.