# Deployment

## Before deploy

Before deployment, we've found an issue in production with the new content security policy headers. Basically, you need to add `wss://...`and your domain to the `:content_security_policy` `default_src` array, like below.

{% code title="config.exs" %}

```elixir
config :my_app, :content_security_policy, %{
  default_src: [
    ....
    "wss://yourdomain.com",
    "wss://yourdomain.com/live/websocket"
  ]
}
```

{% endcode %}

Read more:

* [Petal Pro Github issue](https://github.com/petalframework/petal_pro/issues/46)
* [Blog post about content security policy in Phoenix apps](https://furlough.merecomplexities.com/elixir/phoenix/security/2021/02/26/content-security-policy-configuration-in-phoenix.html)

### Removing CSP

If you don't care about content security policies, you can remove this config and then in `router.exs` change:

```elixir
# Change this:
plug(:put_secure_browser_headers, %{
  "content-security-policy" =>
    ContentSecurityPolicy.serialize(
      struct(ContentSecurityPolicy.Policy, PetalPro.config(:content_security_policy))
    )
})

# To this:
plug :put_secure_browser_headers
```

### Faker dependency and the Landing Page

If you haven't changed the landing page yet, there will be references to [Faker](https://hexdocs.pm/faker). If you don't remove references to Faker, you'll need to find this line in `mix.exs`:

```elixir
defp deps do
  [
    {:faker, "~> 0.17", only: [:test, :dev]},
  ]
```

And change it to this:

```elixir
defp deps do
  [
    {:faker, "~> 0.17"},
  ]
```

## A word on environment variables

In production, Petal Pro requires the following environment variables to be set:

* `SECRET_KEY_BASE`
* `DATABASE_URL`
* `PHX_HOST`
* `PORT`

If you're deploying to Fly.io, these environment variables should be automatically taken care of. However, if you're testing `prod` on your dev machine or using a different deployment mechanism - you'll need to make sure that these environment variables have been set.

Please bare in mind that `SECRET_KEY_BASE` and `DATABASE_URL` are secrets and need to be protected. Please follow best practices for managing secrets on the platform you are deploying to.

## Deployment with Fly.io

To deploy to Fly.io, use the following guide:

{% content-ref url="../guides/deploy-to-fly.io" %}
[deploy-to-fly.io](https://docs.petal.build/petal-pro-documentation/v2.0.0/guides/deploy-to-fly.io)
{% endcontent-ref %}