This topic describes the deployment of Optimizely Commerce solutions, and the Commerce-specific tasks needed to verify a successful deployment. See also Deployment in the CMS Developer Guide for a general understanding of how to deploy Optimizely solutions.
Implement reliable, scheduled backups for the Optimizely Commerce application and the database using SQL backup jobs.
Push changes made on a development and test/QA environment, then copy web files to the production server, and ensure that each config file points to the correct server. For example, use Richcopy to copy files to a new server. This is a powerful GUI wrapper for Robocopy, the standard file duplication command-line utility included with Windows and Windows Server. Other copy utilities are available, ensure that the utility you pick suits your needs.
Syncing files from development to live site
When you deploy .NET sites on the production server, you need the non-compiled files, such as *.gif; *.jpg; *.html; *.js; *.xml; *.png; *.css and so on. You also need to transfer files in the /bin directory, which contains the compiled code. Also, remember any updated configuration files.
You do not need the *.cs and *.resx files. Also, you do not need the *.pdb files (debug files) in the /bin directory.
Deployment security and access
After your site is deployed, protect and secure it with the following high-level security checks to restrict Commerce Admin to authorized users.
- Change the default password after a fresh installation.
- Enable a firewall to restrict remote access to CMS/Commerce admin.
- Set up roles and permissions for users who need access to Admin site.
- Limit database access by enabling SQL or Windows authentication.
- Enable SSL on your public site.
- Set appropriate file and folder permissions.
Setting up automatic updates and disabling automatic restart
- Update Windows regularly to keep it secure and prevent attacks.
- Disable automatic restart so the server does not go down unexpectedly after updates are installed.
- Restart and maintain the server during scheduled downtime.
- Use a staging and version control system to deploy updates.
- Create an app_offline.htm file so customers see a user-friendly downtime message.
- Set up an error logging system.
Configuring e-mail notifications and alerts
- Set up e-mail notifications and alerts to be generated immediately if there are problems with the site.
Setting up Secure Socket Layer (SSL) security
Each website that handles personal data should have SSL security to encrypt traffic and secure customer information. This is especially important if customers check out and purchase items directly from the site.
- Purchase an SSL certificate and install it on your website.
- Configure SSL after installation.
- Sync up files.
- Turn on caching by setting cache related settings, for example CacheEnabled in appsettings.json for relevant configuration sections.
- Turn off debugging and logging/tracing configuration in production. You can achieve this by having separate appsettings.json config files for development and production environment, see Configuration in ASP.NET Core.
- Set up and configure Web Analytics to track site traffic, visitors, and increase conversion.
- Use an XML site map so search engines can crawl your site more intelligently.
- Learn the difference between 301 and 302 redirects - it is not the same for search engines!
- Set up a robots.txt file.
Internet Information Services (IIS)
- Create a new Application Pool for your website to increase its reliability.
- Set the memory limit for your Application Pool. Specify the memory time limit instead of using the default. Configure the memory recycling feature in IIS.
- Double-check IIS permissions.
Last updated: Sep 28, 2021