Use This Checklist Before Every Production Launch
Whether this is your first Odoo deployment or your fifteenth, running through this list before go-live catches the mistakes that become 2am emergencies. Work through each item, check it off, and do not go live until all 20 are green.
SSL and Domain
1. SSL Certificate Is Valid and Auto-Renewing
# Check expiry:
echo | openssl s_client -connect your-domain.com:443 2>/dev/null | \
openssl x509 -noout -dates
# Certbot auto-renewal test:
certbot renew --dry-run
SSL should auto-renew at least 30 days before expiry. Never let it lapse — Odoo over HTTP sends passwords in plain text.
2. web.base.url Is Set to the Production Domain
-- In psql:
SELECT value FROM ir_config_parameter WHERE key = 'web.base.url';
-- Must be: https://your-production-domain.com
UPDATE ir_config_parameter SET value = 'https://your-domain.com' WHERE key = 'web.base.url';
3. proxy_mode = True in odoo.conf
# /etc/odoo/odoo.conf
proxy_mode = True
Without this, Odoo generates incorrect asset URLs when behind nginx.
Security
4. list_db = False in odoo.conf
list_db = False
Disables the database manager UI. Required for production. See database manager guide.
5. Strong Master Password Set
admin_passwd = $(python3 -c "import secrets; print(secrets.token_urlsafe(32))")
Store this in your password manager. It cannot be recovered if lost (only reset via config file).
6. Default admin Password Changed
Log in as admin, go to Settings > Users > Administrator > change the password to something strong. The default "admin/admin" credentials are scanned for by bots within hours of a server going live.
7. PostgreSQL Not Exposed to the Internet
# Verify PostgreSQL listens only on private interfaces:
ss -tlnp | grep 5432
# Should show 127.0.0.1:5432 or a private IP, NOT 0.0.0.0:5432
8. Firewall Rules: Only Ports 80 and 443 Publicly Open
# UFW example:
ufw status
# Expected: 80/tcp ALLOW, 443/tcp ALLOW, 22/tcp ALLOW from your-ip
# NOT open: 8069, 5432, 8072
See Odoo Security Best Practices for the full security hardening guide.
Performance and Reliability
9. Workers Configured (Not Zero)
# /etc/odoo/odoo.conf
workers = 4 # minimum for production; use (CPU_cores * 2) + 1
Workers = 0 means single-threaded mode — one slow request blocks all other users. See Configure Odoo Workers.
10. Memory Limits Set
limit_memory_soft = 2684354560 # 2.5 GB
limit_memory_hard = 3221225472 # 3 GB
limit_time_cpu = 600
limit_time_real = 1200
11. PostgreSQL Tuned for Available RAM
# For an 8 GB RAM server:
shared_buffers = 2GB
effective_cache_size = 6GB
work_mem = 32MB
See Optimize PostgreSQL for Odoo.
12. nginx proxy_read_timeout Is Adequate
proxy_read_timeout 300s;
The default 60 seconds is too low for report generation. 300 seconds is a safe production value.
Backups
13. Automated Backups Are Running and Tested
# Verify last backup succeeded:
ls -lht /var/backups/odoo/ | head -5
# Restore test — try restoring last backup to a test DB at least monthly:
pg_restore -U odoo -d test_restore /var/backups/odoo/latest.dump
A backup you have never restored is a backup you cannot trust. See Backup Odoo Database. Minimum: daily backups retained for 30 days.
14. Filestore Is Included in Backups
Many teams back up the database but forget the filestore (/var/lib/odoo/filestore/). This directory contains all uploaded attachments. Back it up alongside the database.
15. Outgoing Mail Server Is Configured and Tested
Settings > Technical > Email > Outgoing Mail Servers. Send a test email and verify receipt. Without this, order confirmations, invoices, and user invitations silently fail.
16. SPF, DKIM, and DMARC Records Are Set
# Check SPF:
dig TXT your-domain.com | grep spf
# Check DKIM (if using Mailgun/SendGrid/etc.):
dig TXT selector._domainkey.your-domain.com
Without SPF/DKIM, Odoo emails land in spam — which defeats the purpose of having email notifications.
17. Catch-All for Incoming Replies Is Configured (If Needed)
If you use Odoo's email integration (customer replies to sales orders, helpdesk tickets), configure incoming mail in Settings > Technical > Email > Incoming Mail Servers.
Monitoring and Maintenance
18. Uptime Monitoring Is Active
Point an external monitoring service (UptimeRobot free tier, BetterUptime, or Grafana Cloud) at https://your-domain.com/web/health. You should receive an alert within 5 minutes of Odoo going down.
19. Disk Usage Monitoring and Alerting
# Odoo databases grow 1–5 GB per month depending on activity.
# Alert at 75% disk usage:
df -h / | awk 'NR==2 {if ($5+0>75) print "Alert: disk at " $5}'
A full disk crashes PostgreSQL with no user-visible error message. See Monitor Odoo Performance.
20. Staging Environment Exists and Is Tested
Never apply module updates or configuration changes directly to production. If you do not have a staging environment, create one before going live. See Odoo Staging Environment.
Quick Reference: The 20-Point List
- SSL valid and auto-renewing
- web.base.url set to production domain
- proxy_mode = True
- list_db = False
- Strong master password
- Default admin password changed
- PostgreSQL not internet-exposed
- Firewall: only 80/443 open publicly
- Workers > 0
- Memory limits configured
- PostgreSQL tuned for RAM
- nginx proxy_read_timeout = 300s
- Automated backups running and tested
- Filestore included in backups
- Outgoing mail tested
- SPF/DKIM/DMARC configured
- Incoming mail configured (if needed)
- Uptime monitoring active
- Disk usage monitoring active
- Staging environment exists
How DeployMonkey Pre-Checks Everything
When you deploy an Odoo instance with DeployMonkey, items 1–12 and 18–19 are handled automatically: SSL is provisioned and auto-renewed, proxy_mode is set, workers are sized for your plan, nginx timeouts are correct, and monitoring starts immediately. The setup checklist in your control panel tracks the remaining items (email, passwords, backups) and guides you through each one.
Start free at deploymonkey.app — no credit card required.
Frequently Asked Questions
How long does it take to complete this checklist?
For an experienced Odoo administrator, 2–4 hours for a fresh deployment. If you are starting from a working development server, most items are already done — budget 1 hour to verify each one.
What happens if I skip the worker configuration?
Odoo runs in single-threaded mode. One slow request (a long report, a slow import) blocks every other user until it finishes. This is the most common cause of "Odoo is slow" complaints on launch day.
Do I need to repeat this checklist for module updates?
Not the full list. After module updates, verify: assets regenerated (item 3 side effect), no new errors in logs, test backup and restore on staging first (item 13/20).
Is there a difference between this checklist for Odoo Community vs Enterprise?
The checklist applies to both. Enterprise adds some automatic configuration (CDN, session storage) but does not change the fundamental security and reliability requirements.