The Complete Next.js
Deployment Checklist

Environment Variables

• ✓All environment variables are set in production dashboard
• ✓NEXTAUTH_URL matches production domain exactly
• ✓NEXTAUTH_SECRET is at least 32 characters and consistent
• ✓DATABASE_URL uses production database credentials
• ✓Stripe keys are in production mode, not test mode
• ✓No hardcoded secrets or API keys in source code

Build Process

• ✓npm run build succeeds locally without errors
• ✓TypeScript compiles without errors (tsc --noEmit)
• ✓No missing imports or broken file paths
• ✓package-lock.json is committed and up to date
• ✓Build completes within platform timeout limits

Authentication & Security

• ✓OAuth redirect URIs include production domain
• ✓CSRF protection is enabled
• ✓Rate limiting is configured on auth endpoints
• ✓Environment variables do not expose secrets to client
• ✓Proper security headers are set (CSP, HSTS, X-Frame-Options)

Database & API

• ✓Database migrations have run on production
• ✓Prisma generate has been run for production schema
• ✓API routes return proper error responses (not raw exceptions)
• ✓Database connection pool size is appropriate for hosting plan
• ✓SSL is enabled for database connections in production

Performance & SEO

• ✓Images use next/image for optimization
• ✓Font optimization is configured (next/font)
• ✓Metadata is set for all pages
• ✓Sitemap and robots.txt are generated
• ✓Core Web Vitals are within acceptable ranges

Getting Help

If your deployment still fails after going through this checklist, get expert help. We have fixed hundreds of Next.js deployments.