Deployment
Because services are isolated, they deploy independently. There's no single artifact to ship — you deploy each service's backend, and each enabled web/mobile frontend, on its own cadence.
Backends (Docker)
Every service backend ships a Dockerfile. For a self-hosted stack, the production
overlay composes them all with their databases and Redis:
npm run docker:prod # docker-compose.yml + docker-compose.prod.ymlTo deploy services separately, build and push each image on its own:
docker build -t my-app-core ./core/backend
docker build -t my-app-auth ./auth/backend
# push to your registry, deploy each to its targetAny Node.js host works — Railway, Render, Fly.io, AWS/GCP/Azure, or your own VPS. Each service needs its own PostgreSQL and Redis.
Wiring services together
The critical production setting is AUTH_SERVICE_URL on every non-auth service — it
must point at the deployed auth service so cookie forwarding reaches the right place. Set
CORS to include every frontend origin.
# core/backend production env
DATABASE_URL=postgresql://user:password@core-db:5432/core
REDIS_URL=redis://core-redis:6379
AUTH_SERVICE_URL=https://auth.yourdomain.com
CORS_ORIGINS=https://app.yourdomain.comSecrets per service
Each service has its own .env with its own random credentials. The
BETTER_AUTH_SECRET lives on the auth service. Don't share one database or
one secret across services — that defeats the isolation boundary.
Web frontends
Each web app is a standard Next.js (App Router) project.
Vercel (recommended)
cd core/web
vercel deployOr connect the repo for automatic deployments and set the project root to the service's
web/ directory.
Node.js / Docker
cd core/web
npm run build && npm startSSR required
Next.js App Router uses Server Components. Do not configure static-only hosting or
SPA-style redirects — run next start (or deploy to a platform that runs
it).
Point each web app at its backend and the auth service via its production env (e.g.
NEXT_PUBLIC_* URLs).
Mobile (EAS)
Expo apps build and submit with EAS:
npm install -g eas-cli
eas login
eas build --profile production
eas submit --profile productionSet production API URLs and integration keys in the app config before building. Apple Sign-In requires HTTPS redirect URIs — see Troubleshooting.