Express.js Deployment Checklist for Production

A comprehensive Express.js deployment checklist covering security headers, error handling, logging, performance tuning, and health checks.

Deploying Express.js to production requires more than node server.js. Use this checklist to ensure your app is ready.

Security

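const express = require('express');
const helmet = require('helmet');
const rateLimit = require('express-rate-limit');

const app = express();

// Sets security-related response headers
app.use(helmet());
// Global baseline: 100 requests per client IP per 15 minutes.
// Behind a reverse proxy, configure 'trust proxy' so the limiter sees the client IP.
app.use(rateLimit({
  windowMs: 15 * 60 * 1000,
  max: 100
}));
// Do not advertise the framework in responses
app.disable('x-powered-by');

  • [ ] Helmet middleware enabled for security headers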
  • [ ] Rate limiting configured per endpoint sensitivity
  • [ ] CORS configured for specific origins only
  • [ ] Input validation on all request bodies
  • [ ] No sensitive data in error responses
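
One way to meet the "CORS configured for specific origins only" item without reflecting arbitrary origins. This is an added example, not code from the original post; `corsAllowlist`, `simulate`, and the origins in `ALLOWED_ORIGINS` are hypothetical names and constructed values.

```javascript
// Added example: exact-match CORS allowlist as Express-style middleware.
// The origins below are constructed placeholders.
const ALLOWED_ORIGINS = new Set([
  'https://app.example.com',
  'https://admin.example.com',
]);

function corsAllowlist(allowed, { credentials = false } = {}) {
  return function cors(req, res, next) {
    const origin = req.headers.origin;
    // Shared caches must key on Origin whether or not this request matches
    res.setHeader('Vary', 'Origin');
    // Exact string match only: no prefix, suffix or regex tests, and
    // never add the literal "null" origin to the set
    const ok = typeof origin === 'string' && allowed.has(origin);
    if (ok) {
      res.setHeader('Access-Control-Allow-Origin', origin);
      if (credentials) res.setHeader('Access-Control-Allow-Credentials', 'true');
    }
    const preflight = req.method === 'OPTIONS' &&
      req.headers['access-control-request-method'] !== undefined;
    if (!preflight) return next();
    // Answer the preflight here; only matched origins get the grant headers
    if (ok) {
      res.setHeader('Access-Control-Allow-Methods', 'GET,POST,PUT,DELETE');
      res.setHeader('Access-Control-Allow-Headers', 'Content-Type,Authorization');
      res.setHeader('Access-Control-Max-Age', '600');
    }
    res.statusCode = 204;
    res.end();
  };
}

// Constructed mock req/res so the middleware can be exercised without a server
function simulate(method, headers, options) {
  const out = { headers: {}, statusCode: 200, ended: false, passedOn: false };
  const res = {
    setHeader(name, value) { out.headers[name.toLowerCase()] = value; },
    end() { out.ended = true; },
    set statusCode(code) { out.statusCode = code; },
  };
  const req = { method, headers };
  corsAllowlist(ALLOWED_ORIGINS, options)(req, res, () => { out.passedOn = true; });
  return out;
}
```

In an app this would be mounted with `app.use(corsAllowlist(ALLOWED_ORIGINS))` before the routes; enable `credentials` only if the API actually relies on cookies or HTTP auth across origins.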

Error Handling

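// Global error handler: must declare all 4 parameters
// `logger` is the application's logger instance
app.use((err, req, res, next) => {
  logger.error({ err, path: req.path, method: req.method });
  // If the response has already started, hand off to Express's default handler
  if (res.headersSent) {
    return next(err);
  }
  res.status(err.status || 500).json({
    error: process.env.NODE_ENV === 'production'
      ? 'Internal server error'
      : err.message
  });
});

  • [ ] Global error handler registered after all routes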
  • [ ] Unhandled rejection handler set up
  • [ ] Error tracking service integrated (Bugsly captures Express errors automatically)

Performance

  • [ ] Response compression enabled with compression middleware
  • [ ] Static assets served through a CDN or reverse proxy
  • [ ] NODE_ENV=production set (Express caches view templates)
  • [ ] Connection pooling for databases
  • [ ] Request timeout set to prevent hanging connections

Logging

const morgan = require('morgan');
// Apache combined format: one access-log line per request
app.use(morgan('combined'));

  • [ ] Structured logging with request IDs
  • [ ] Log level set to info or warn (not debug)
  • [ ] Logs shipped to centralized logging service

Health Checks

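// checkDatabase() is the application's own dependency probe
app.get('/health', async (req, res) => {
  let dbHealthy = false;
  try {
    dbHealthy = await checkDatabase();
  } catch (err) {
    // A failing probe means unhealthy; without this the rejection goes unhandled
    dbHealthy = false;
  }
  res.status(dbHealthy ? 200 : 503).json({
    status: dbHealthy ? 'healthy' : 'degraded',
    timestamp: new Date().toISOString()
  });
});

  • [ ] Health endpoint checks all dependencies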
  • [ ] Readiness and liveness probes configured
  • [ ] Graceful shutdown handles in-flight requests

Process Management

  • [ ] Running behind a reverse proxy (nginx)
  • [ ] Process manager (PM2 or systemd) configured
  • [ ] Cluster mode or multiple instances for CPU utilization
