Laravel implementation checklist

A comprehensive technical audit for deploying Laravel applications to production environments, ensuring security, performance, and reliability.

Environment & Security

  • Disable Debug Mode

    critical

    Verify that APP_DEBUG is set to false in the production .env file to prevent stack traces and sensitive environment variables from being exposed.

  • Generate Application Key

    critical

    Ensure APP_KEY is set to a unique 32-character string via 'php artisan key:generate' to secure session cookies and encrypted data.

  • Enforce HTTPS

    critical

    Use URL::forceScheme('https') in the AppServiceProvider boot method and ensure the TRUSTED_PROXIES configuration is set for load balancers.

  • Secure Session Cookies

    critical

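    Set SESSION_SECURE_COOKIE to true and SESSION_HTTP_ONLY to true in config/session.php so that the session cookie is only sent over HTTPS and is not readable from JavaScript, which limits session theft via cross-site scripting and man-in-the-middle attacks.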

  • Configure Rate Limiting

    recommended

    Apply the 'throttle' middleware to all authentication and API routes in routes/web.php and routes/api.php to mitigate brute-force attacks.
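
One way to check the .env items in this section before a release, as an added example that is not part of the original checklist. The function names are hypothetical, and the APP_KEY check assumes Laravel's default AES-256-CBC cipher.

```sh
#!/bin/sh
# Added example (not from the original checklist): pre-deploy audit of a
# production .env file against the Environment & Security items.

# env_get FILE KEY: print the last value assigned to KEY, without quotes.
env_get() {
    sed -n "s/^[[:space:]]*\(export[[:space:]][[:space:]]*\)\{0,1\}$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# is_bool VALUE WANT: true if VALUE is WANT or (WANT) in any letter case,
# the spellings Laravel's env() helper turns into a real boolean.
is_bool() {
    v=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    [ "$v" = "$2" ] || [ "$v" = "($2)" ]
}

# key_bytes VALUE: length of an APP_KEY in bytes, decoding the base64: form
# that 'php artisan key:generate' writes.
key_bytes() {
    case $1 in
        base64:*) echo $(( $(printf '%s' "${1#base64:}" | base64 -d 2>/dev/null | wc -c) )) ;;
        *) echo "${#1}" ;;
    esac
}

# audit_env FILE: print one line per failed item; non-zero status if any.
audit_env() {
    f=$1 bad=0
    is_bool "$(env_get "$f" APP_DEBUG)" false ||
        { echo "APP_DEBUG is not false: stack traces and env values can leak"; bad=1; }
    # Assumption: the default AES-256-CBC cipher, which needs a 32-byte key.
    [ "$(key_bytes "$(env_get "$f" APP_KEY)")" -eq 32 ] ||
        { echo "APP_KEY is missing or is not a 32-byte key"; bad=1; }
    for k in SESSION_SECURE_COOKIE SESSION_HTTP_ONLY; do
        is_bool "$(env_get "$f" "$k")" true || { echo "$k is not true"; bad=1; }
    done
    return "$bad"
}

# Run against a file when one is given, e.g. in the deployment script.
if [ $# -gt 0 ]; then audit_env "$1"; fi
```

A missing key or any value other than the expected boolean is reported, so the check fails closed and can gate the deployment script on its exit status.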

Performance Optimization

  • Cache Configuration

    recommended

    Execute 'php artisan config:cache' during the deployment process to combine all configuration files into a single cached file.

  • Cache Routes

    recommended

    Execute 'php artisan route:cache' to reduce the overhead of route registration, especially in applications with hundreds of routes.

  • Optimize Autoloader

    critical

    Run 'composer install --optimize-autoloader --no-dev' to ensure the PHP class map is pre-built for faster class loading.

  • Pre-compile Blade Views

    recommended

    Execute 'php artisan view:cache' to pre-compile Blade templates so they do not need to be compiled on the first request.

  • Detect N+1 Queries

    recommended

    Use Model::preventLazyLoading(!app()->isProduction()) during development to ensure all production queries are properly eager-loaded with the 'with' method.

Queues & Background Workers

  • Set Persistent Queue Driver

    critical

    Change QUEUE_CONNECTION from 'sync' to a persistent driver like 'redis' or 'database' in the production environment.

  • Configure Supervisor

    critical

    Create a Supervisor configuration file to manage the 'php artisan queue:work' process and ensure it automatically restarts if it crashes.

  • Implement Horizon

    recommended

    If using Redis, install Laravel Horizon and verify the dashboard access is restricted via a Gate in the HorizonServiceProvider.

  • Define Job Timeouts

    recommended

    Explicitly set the $timeout and $tries properties on job classes to prevent long-running jobs from hanging worker processes.

  • Failed Job Monitoring

    recommended

    Ensure the failed_jobs table is migrated and configure a notification listener for the JobFailed event.

Database & Storage

  • Automate Migrations

    critical

    Include 'php artisan migrate --force' in the deployment script to update the database schema without manual intervention.

  • Establish Backup Routine

    critical

    Configure 'spatie/laravel-backup' to perform daily database dumps and upload them to an external S3 bucket.

  • Link Public Storage

    critical

    Run 'php artisan storage:link' on the production server to make files in 'storage/app/public' accessible via the 'public/storage' URL.

  • Redis Eviction Policy

    recommended

    Verify that the Redis instance used for caching has the 'maxmemory-policy' set to 'allkeys-lru' to prevent memory overflow.

  • Database Indexing

    recommended

    Run a query audit to ensure all columns used in 'where', 'order by', and 'join' clauses have appropriate database indexes.

Monitoring & Observability

  • Centralized Error Tracking

    critical

    Integrate an external service like Sentry, Flare, or Bugsnag to capture production exceptions and notify the team.

  • Log Rotation Configuration

    recommended

    Set LOG_CHANNEL to 'daily' or 'syslog' in .env to prevent the application log file from growing indefinitely and consuming disk space.

  • Health Check Endpoint

    recommended

    Create a route that verifies database connectivity, cache availability, and disk space, returning a non-200 status on failure.

  • Performance Monitoring

    optional

    Install Laravel Pulse or an APM like New Relic to monitor slow routes, high-memory jobs, and database bottlenecks.

  • Audit Sensitive Actions

    recommended

    Implement a logging mechanism for high-risk actions such as user deletions, permission changes, or data exports.

Frontend & Assets

  • Production Asset Build

    critical

    Run 'npm run build' to generate minified and versioned CSS and JS files via Vite or Laravel Mix.

  • Tailwind CSS Purge

    recommended

    Verify that the Tailwind configuration includes all relevant Blade and JS paths to ensure unused CSS is stripped from the production build.

  • Manage SSR Processes

    optional

    If using Inertia.js with Server-Side Rendering, ensure the 'php artisan inertia:start-ssr' process is managed by Supervisor.

  • Content Security Policy

    recommended

    Implement CSP headers to restrict the sources from which scripts and styles can be loaded, reducing XSS risks.

  • CDN Integration

    optional

    Configure the ASSET_URL in .env to point to a CDN for serving static assets to reduce load on the application server.