Checklist
As a technopolitical project, Decidim needs several things to work. This is a non comprehensive list that serves as a general recommendation of what things you need to have it working with the best practices:
Technological
-
Choose a domain or subdomain for your application. Some typical names involve "Participation" or "Decision" conjugations.
-
Choose which languages do you want for your application. In case that your language is not supported you should translate it on Crowdin.
-
Configure the time zone for your organization. If you change it afterwards you will need to review all the dates from your contents.
-
Customize the look and feel (colors, pictures, fonts, etc).
-
Configure SSL:
-
We recommend using at least Let’s Encrypt for minimum security.
-
Configure redirection from HTTP to HTTPS on your web server.
-
Configure your Certificate Authority Authorization (CAA) DNS records
-
Install complete Certificate Chains if it is needed for your provider
-
Use current SSL/TLS Protocols (TLS 1.2 or 1.3)
-
If you add new static files, be careful of not introducing mixed content
-
Use the SSL Server Test and follow their recommendations
-
-
Configure your SMTP server.
-
Setup the geolocation service. We recommend using Here Maps, but you can use other kind of tiling server compatible with Open Street Maps.
-
Setup backup on your server. The most important things to save are the
public/uploads
and the database. -
Decide and implement which kind of Authorization you are going to use.
-
Comply with our License (Affero GPL 3) and publish your code to GitHub or wherever you want.
-
Review your decidim initializer on your application (config/initializers/decidim.rb).
-
Configure your ActiveJob background queue.
-
Configure your ActiveStorage dynamic uploads.
-
If you want, configure your social providers to enable login using external applications.
-
Check that you do not have any default users, emails and passwords, neither on the admin or on the system panel.
-
Configure scheduled tasks.
-
You should have a staging / preproduction environment where to test changes before deploying to production. If this environment has a copy of production database, you should disable the SMTP server and for privacy issues you should change the usernames / names / emails.
-
You should have a exception tracking service or gem, like Errbit, Exception Notification, Airbrake or Sentry.
Contents
-
Ideally you will have a Team formed with experts on IT, Communication, Participation, Design and Law.
-
Texts for at least, terms of service, privacy policy and frequently asked questions. To show the "Terms of service" body text in the "Create an account form", it is a requirement that the slug of this page to be equal
terms-of-service
. -
Comply with your current legal requirements, like to registrate your privacy policy with the authorities (eg LOPD on Spain).
-
Fill the Participatory Processes Configuration Form to prepare your Participatory Process for Decidim.
-
Read the Administration manual.
-
Participate on Metadecidim.
-
Read the Decidim Social Contract.