import type { NextConfig } from "next";

const nextConfig: NextConfig = {
  output: "standalone",
};

export default nextConfig;

############################################################
# Production-ready .dockerignore for a Next.js (Vercel-style) app
# Keeps Docker builds fast, lean, and free of development files.
############################################################

# Dependencies (installed inside Docker, never copied)
node_modules/
.pnpm-store/
npm-debug.log*
yarn-debug.log*
yarn-error.log*
pnpm-debug.log*
lerna-debug.log*

# Next.js build outputs (always generated during `next build`)
.next/
out/
dist/
build/
.vercel/

# Tests and testing output (not needed in production images)
coverage/
.nyc_output/
__tests__/
__mocks__/
jest/
cypress/
cypress/screenshots/
cypress/videos/
playwright-report/
test-results/
.vitest/
vitest.config.*
jest.config.*
cypress.config.*
playwright.config.*
*.test.*
*.spec.*

# Local development and editor files
.git/
.gitignore
.gitattributes
.vscode/
.idea/
*.swp
*.swo
*~
*.log

# Environment variables (only commit template files)
.env
.env*.local
.env.development
.env.test
.env.production.local

# Docker configuration files (not needed inside build context)
Dockerfile*
.dockerignore
compose.yaml
compose.yml
docker-compose*.yaml
docker-compose*.yml

# Documentation
*.md
docs/

# CI/CD configuration files
.github/
.gitlab-ci.yml
.travis.yml
.circleci/
Jenkinsfile

# Cache directories and temporary data
.cache/
.parcel-cache/
.eslintcache
.stylelintcache
.swc/
.turbo/
.tmp/
.temp/

# TypeScript build metadata
*.tsbuildinfo

# Sensitive or unnecessary configuration files
*.pem
.editorconfig
.prettierrc*
prettier.config.*
.eslintrc*
eslint.config.*
.stylelintrc*
stylelint.config.*
.babelrc*
*.iml
*.ipr
*.iws

# OS-specific junk
.DS_Store
._*
.Spotlight-V100
.Trashes
ehthumbs.db
Thumbs.db
Desktop.ini

# =====================================

=======

Stage 1: Dependencies Installation Stage

============================================

This Dockerfile.bun is specifically configured for projects using Bun

For npm/pnpm or yarn, refer to the Dockerfile instead

FROM oven/bun:1 AS dependencies

Set working directory

WORKDIR /app

Copy package-related files first to leverage Docker's caching mechanism

COPY package.json bun.lock* ./

Install project dependencies with frozen lockfile for reproducible builds

RUN --mount=type=cache,target=/root/.bun/install/cache
bun install --no-save --frozen-lockfile

============================================

Stage 2: Build Next.js application in standalone mode

============================================

FROM oven/bun:1 AS builder

Set working directory

WORKDIR /app

Copy project dependencies from dependencies stage

COPY --from=dependencies /app/node_modules ./node_modules

Copy application source code

COPY . .

ENV NODE_ENV=production

Next.js collects completely anonymous telemetry data about general usage.

Learn more here: https://nextjs.org/telemetry

Uncomment the following line in case you want to disable telemetry during the build.

ENV NEXT_TELEMETRY_DISABLED=1

Build Next.js application

RUN bun run build

============================================

Stage 3: Run Next.js application

============================================

FROM oven/bun:1 AS runner

Set working directory

WORKDIR /app

Set production environment variables

ENV NODE_ENV=production ENV PORT=3000 ENV HOSTNAME="0.0.0.0"

Next.js collects completely anonymous telemetry data about general usage.

Learn more here: https://nextjs.org/telemetry

Uncomment the following line in case you want to disable telemetry during the run time.

ENV NEXT_TELEMETRY_DISABLED=1

Copy production assets

COPY --from=builder --chown=bun:bun /app/public ./public

Set the correct permission for prerender cache

RUN mkdir .next RUN chown bun:bun .next

Automatically leverage output traces to reduce image size

https://nextjs.org/docs/advanced-features/output-file-tracing

COPY --from=builder --chown=bun:bun /app/.next/standalone ./ COPY --from=builder --chown=bun:bun /app/.next/static ./.next/static

If you want to persist the fetch cache generated during the build so that

cached responses are available immediately on startup, uncomment this line:

COPY --from=builder --chown=bun:bun /app/.next/cache ./.next/cache

Switch to non-root user for security best practices

USER bun

Expose port 3000 to allow HTTP traffic

EXPOSE 3000

Start Next.js standalone server with Bun

CMD ["bun", "server.js"]

### 4. Docker Compose Orchestration
Includes Nginx reverse proxy, Certbot SSL automation, and network isolation:

Bun service (use with: docker compose up nextjs-standalone-with-bun --build)

services: app: build: context: . dockerfile: Dockerfile image: nextjs-standalone-bun-image container_name: nextjs-app environment: NODE_ENV: production PORT: "3000" HOSTNAME: "0.0.0.0" expose: - "3000" restart: unless-stopped networks: - app-network

nginx: image: nginx:stable-alpine container_name: nginx-proxy depends_on: - app ports: - "80:80" - "443:443" volumes: - ./nginx/default.conf:/etc/nginx/conf.d/nginx.conf:ro - certbot_www:/var/www/certbot - certbot_conf:/etc/letsencrypt restart: unless-stopped networks: - app-network

certbot: image: certbot/certbot:latest container_name: certbot volumes: - certbot_www:/var/www/certbot - certbot_conf:/etc/letsencrypt entrypoint: > sh -c 'trap exit TERM; while :; do certbot renew --webroot -w /var/www/certbot --quiet; sleep 12h; done' restart: unless-stopped

volumes: certbot_www: certbot_conf:

networks: app-network: driver: bridge

### 5. Nginx Reverse Proxy Configuration
Handles HTTP/HTTPS routing, WebSocket upgrades, and ACME challenge validation:

server { listen 80; server_name seudominio.com www.seudominio.com;

location /.well-known/acme-challenge/ { root /var/www/certbot; }

location / { proxy_pass http://app:3000; proxy_http_version 1.1;

proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";

} }

### 6. Build & Deployment Commands
**Automated**:

make build && make up

**Manual**:

docker compose build docker compose up -d

### 7. Automation Makefile
Standardizes lifecycle commands for CI/CD and local development:

Makefile - App Nextjs + Docker + VPS Example

PROJECT_NAME=App Nextjs DOCKER_IMAGE_NAME=app-next-js DOCKER_CONTAINER_NAME=app-next-js COMPOSE_FILE=docker-compose.yaml

build: docker compose -f $(COMPOSE_FILE) build

up: docker compose -f $(COMPOSE_FILE) up -d

stop: docker compose -f $(COMPOSE_FILE) stop

clean: stop docker compose -f $(COMPOSE_FILE) down --remove-orphans docker rmi -f $(DOCKER_IMAGE_NAME) >/dev/null 2>&1 || true rm -rf node_modules .next >/dev/null 2>&1 || true

## Pitfall Guide
1. **Copying `node_modules` directly**: Bypasses Docker's layer caching and introduces platform-specific binaries. Always install dependencies inside the build stage using a frozen lockfile.
2. **Omitting `output: "standalone"`**: Next.js defaults to bundling the entire compiler and dev toolchain. Standalone output tracing is mandatory for production image minimization.
3. **Leaking `.env` or IDE metadata**: Failing to exclude `.env*`, `.git/`, `.vscode/`, and cache directories in `.dockerignore` exposes secrets and inflates context size.
4. **Running containers as `root`**: Violates container security best practices and increases blast radius during CVE exploitation. Always switch to a dedicated non-root user (`USER bun`) and set correct file ownership.
5. **Breaking Docker layer cache**: Copying source code before `package.json` and lockfiles invalidates dependency installation cache on every commit. Maintain strict copy order: lockfiles → install → source.
6. **Missing Nginx proxy headers**: Omitting `X-Forwarded-Proto`, `Upgrade`, or `Connection` breaks SSL detection, WebSocket support, and Next.js server-side routing logic.
7. **Skipping `--frozen-lockfile`**: Allows silent dependency resolution changes during CI builds, causing environment drift and non-reproducible deployments.

## Deliverables
- **📐 Architecture Blueprint**: Multi-stage Docker flow diagram detailing context isolation, layer caching strategy, and standalone output tracing.
- **✅ Production Readiness Checklist**: Pre-deployment verification covering `output: "standalone"`, `.dockerignore` coverage, non-root execution, environment variable injection, healthcheck configuration, and SSL renewal automation.
- **📦 Configuration Templates**: Ready-to-use `Dockerfile`, `.dockerignore`, `docker-compose.yaml`, `nginx.conf`, and `Makefile` optimized for Vercel-style standalone deployments with Bun runtime.