# Deployment Checklist

Use this before and after you upload the hostable portal to cPanel.

## Before Upload

- Confirm your hosting account includes:
  - `Application Manager` or `Setup Python App`
  - Terminal or SSH access if possible
  - HTTPS on the target domain or subdomain
- Decide the app URL:
  - example: `portal.yourdomain.com`
- Decide the upload path:
  - example: `/home/yourcpaneluser/hostable_portal`
- Generate a strong random secret key
- Choose your first admin username, email, and password

## Files To Upload

- upload the full [hostable_portal](C:/--QT%20HOSTABLE--/hostable_portal) folder
- do not upload local test databases from development
- do not upload `__pycache__` directories; rebuild a clean bundle first so they are left out

## Environment Setup

- create the virtual environment
- install [requirements.txt](C:/--QT%20HOSTABLE--/requirements.txt)
- create `.env`
- confirm `SECRET_KEY` has been changed
- confirm `SESSION_COOKIE_SECURE=true`
- confirm `REMEMBER_COOKIE_SECURE=true`

## Database Setup

- run [init_db.py](C:/--QT%20HOSTABLE--/init_db.py)
- verify the first admin account was created
- confirm the database file exists
- back up the database file after first setup

## cPanel App Registration

- application root points to the uploaded folder
- startup file is `passenger_wsgi.py`
- entry point is `application`
- Python version matches the virtual environment version

## First Live Checks

- open `/login`
- sign in with the admin account
- open `/admin/users`
- create a second lower-privilege user
- sign out
- sign in with the new user
- confirm role restrictions behave correctly

## Security Checks

- HTTPS is enabled
- admin password changed from bootstrap value
- cPanel account password is strong
- cPanel 2FA enabled if available
- no secrets left in uploaded notes or shell history
- `SECRET_KEY` is unique to this deployment

## Ongoing Operations

- back up the SQLite database regularly
- restart the app after code changes:

```bash
mkdir -p tmp
touch tmp/restart.txt
```

- review audit logs after admin/user changes

## Recommended Next Phase

- password reset flow
- 2FA
- invite-based user creation
- source credential vaulting
- playlist import jobs
- hosted playlist browser / repair workflows
