1. Set the Node.JS environment to
NODE_ENV environment variable to
You must use HTTPS to prevent man-in-the-middle attacks. Otherwise, your credentials and authentication tokens will appear in clear on the network.
Use different secrets for your production environment (JWT, session, csrf, etc). Specify them using environment variables or a
You can generate 256-bit secrets encoded in base64 with the following command:
Use different credentials for your production database. Specify them using environment variables or a
If you use database migrations, run them on your production server with the following command: