Deployment

Because services are isolated, they deploy independently. There's no single artifact to ship — you deploy each service's backend, and each enabled web/mobile frontend, on its own cadence.

Backends (Docker)

Every service backend ships a Dockerfile. For a self-hosted stack, the production overlay composes them all with their databases and Redis:

npm run docker:prod   # docker-compose.yml + docker-compose.prod.yml

To deploy services separately, build and push each image on its own:

docker build -t my-app-core ./core/backend
docker build -t my-app-auth ./auth/backend
# push to your registry, deploy each to its target

Any Node.js host works — Railway, Render, Fly.io, AWS/GCP/Azure, or your own VPS. Each service needs its own PostgreSQL and Redis.

Wiring services together

The critical production setting is AUTH_SERVICE_URL on every non-auth service — it must point at the deployed auth service so cookie forwarding reaches the right place. Set CORS to include every frontend origin.

# core/backend production env
DATABASE_URL=postgresql://user:password@core-db:5432/core
REDIS_URL=redis://core-redis:6379
AUTH_SERVICE_URL=https://auth.yourdomain.com
CORS_ORIGINS=https://app.yourdomain.com
Secrets per service

Each service has its own .env with its own random credentials. The BETTER_AUTH_SECRET lives on the auth service. Don't share one database or one secret across services — that defeats the isolation boundary.

Web frontends

Each web app is a standard Next.js (App Router) project.

cd core/web
vercel deploy

Or connect the repo for automatic deployments and set the project root to the service's web/ directory.

Node.js / Docker

cd core/web
npm run build && npm start
SSR required

Next.js App Router uses Server Components. Do not configure static-only hosting or SPA-style redirects — run next start (or deploy to a platform that runs it).

Point each web app at its backend and the auth service via its production env (e.g. NEXT_PUBLIC_* URLs).

Mobile (EAS)

Expo apps build and submit with EAS:

npm install -g eas-cli
eas login

eas build --profile production
eas submit --profile production

Set production API URLs and integration keys in the app config before building. Apple Sign-In requires HTTPS redirect URIs — see Troubleshooting.