1. Lock admin access
The first classic mistake is to deploy an application while system access remains too broad. Before going live, change the root password if necessary, disable weak authentication, and create a separate administrative user.
Limit SSH access to keys when possible.
Close unused ports before installing the application.
Document who has access and how it is renewed.
2. Apply updates and prepare backups
A clean server starts with a known system base. Update critical packages, note the system version, and test a backup mechanism before installing business data. An untested backup is just a hypothesis.
Check the kernel, OpenSSH, SQL engine and firewall.
Provide a copy of application files and database dumps.
Keep a restoration procedure readable by another person.
3. Install minimum observability before traffic
The right time to think about logs and alerts is before the first incident. Enable log rotation, monitor disk space, note CPU load and check what should alert you when a service goes down.
Have a simple signal to know if the application is still responding.
Measure disk space and memory before saturation occurs.
Prepare a rollback plan if the first deployer degrades the machine.