Deploy Next.js to Vercel Production Without Losing Your Shit

Seriously, test your production build locally first. I learned this the hard way after taking down staging for two hours because I was lazy and skipped this step. The team lead was... let's just say he wasn't thrilled about explaining to the CEO why our demo was broken.

When your build breaks in production: Vercel bills you for the failed attempts (yeah, they charge for failures too), your teammates start giving you the stink eye, and instead of shipping features you're debugging webpack nonsense at 11pm on a Friday.

The "It Builds Locally" Reality Check

Run this shit exactly as written:

## Delete node_modules and package-lock.json first (trust me on this)
rm -rf node_modules package-lock.json
npm install

## Build like production actually will
NODE_ENV=production npm run build
npm start

Hit localhost:3000 and click through your app like a pissed-off user would. Open the browser console - see any red errors? Check your terminal - any warnings about chunking or dynamic imports?

Critical: If you see Warning: Failed to load resource, your images or API routes are fucked. Fix this shit now or you'll be debugging it at 2am when it breaks in production and your boss is blowing up your phone asking why the site is down.

Here's what I actually check before deploying (learned from production incidents):

• Dynamic imports actually work - test the pages that use lazy loading
• API routes don't timeout - hit your slowest endpoint a few times
• Images load from the right paths - Next.js Image optimization breaks differently in prod
• Database connections close properly - check your connection pool limits
• Environment variables exist - your app will fail silently if they're missing

Environment Variables: Where Dreams Go to Die

Environment variables cause 90% of deployment failures. I'm not exaggerating. Vercel's interface for managing them is confusing as hell, and their scoping system will bite you in the ass when you least expect it.

The nuclear option (do this first or suffer):

## Create .env.example with FAKE values
DATABASE_URL=\"postgresql://user:pass@localhost:5432/myapp_dev\"
NEXTAUTH_SECRET=\"your-secret-here\"
STRIPE_SECRET_KEY=\"sk_test_...\"
NEXT_PUBLIC_APP_URL=\"http://localhost:3000\"

## Then create .env.local with REAL values
## NEVER FUCKING COMMIT .env.local TO GIT (yes, I've done this)

Production environment gotchas I've learned the hard way:

1. Vercel has 3 environment scopes: Development, Preview, Production. If your Preview works but Production doesn't, you probably set variables in the wrong scope.

2. NEXT_PUBLIC_ variables are bundled into your client code. Don't put secrets in them.

3. Database URLs break differently in serverless - connection pooling that works locally will crash in production. Use PlanetScale or Supabase with connection pooling enabled.

4. Vercel strips trailing slashes from URLs - if your API expects them, add redirects in next.config.js.

Dev mode clusterfuck: Sometimes Next.js just decides environment variables shouldn't reload in dev mode. You'll change a var, wonder why nothing works, then waste 20 minutes pulling your hair out before remembering to restart the damn dev server. Happens across multiple versions - ask me how I know.

Next.js 15 Config: The Stuff That Actually Matters

The Next.js docs show you pristine config files. Here's what actually works in production after I've debugged the failures:

// next.config.mjs - This actually works
/** @type {import('next').NextConfig} */
const nextConfig = {
  // This breaks in Docker if you use it wrong
  output: 'standalone',
  
  // Images will cause issues if not configured properly
  images: {
    formats: ['image/webp', 'image/avif'],
    dangerouslyAllowSVG: false, // Keep this false for security
    domains: ['cdn.yourdomain.com'], // Add your image domains here
    deviceSizes: [640, 750, 828, 1080, 1200], // Don't generate unused sizes
  },
  
  // Vercel enables this automatically, but good to be explicit
  compress: true,
  
  // This actually helps with bundle size (sometimes)
  experimental: {
    optimizePackageImports: ['@mui/material', 'lodash', 'date-fns'],
    serverComponentsExternalPackages: ['mongoose'], // If you use Mongoose
  },
  
  // Add this or your builds will randomly fail
  typescript: {
    ignoreBuildErrors: false, // Set to true if you're desperate
  },
  
  // ESLint can break builds in CI/CD
  eslint: {
    ignoreDuringBuilds: false, // Set to true if you hate yourself
  },
};

export default nextConfig;

Issues that will break your builds:

• Missing image domains - Next.js Image optimization needs explicit domain allowlists
• Mongoose/MongoDB connections - Add to serverComponentsExternalPackages or it'll crash
• TypeScript errors - Fix them locally, don't ignore them in production
• ESLint config - Your local rules might be different from Vercel's environment

Monitoring: Because Your Users Will Find the Bugs First

// app/layout.tsx - Add this or you'll deploy blind
import { SpeedInsights } from '@vercel/speed-insights/next';
import { Analytics } from '@vercel/analytics/next';

export default function RootLayout({ children }) {
  return (
    <html lang=\"en\">
      <body>
        {children}
        <SpeedInsights />
        <Analytics />
      </body>
    </html>
  );
}

Reality check: Vercel's analytics are decent but not free after your first 100k pageviews. They'll bill you. I recommend Plausible or PostHog for honest analytics without the Google privacy nightmare.

Error monitoring that actually works: Add Sentry or you'll be debugging production errors from angry user emails:

npm install @sentry/nextjs
npx @sentry/wizard -i nextjs

Database Connection Issues

Serverless + Database = Complexity. Traditional connection pooling doesn't work because each Vercel function is a separate container. Here's what actually works:

If you use Prisma (most common):

{
  \"scripts\": {
    \"db:migrate\": \"prisma migrate deploy\",
    \"db:generate\": \"prisma generate\", 
    \"build\": \"prisma generate && prisma migrate deploy && next build\",
    \"postinstall\": \"prisma generate\"
  }
}

Connection pooling for PostgreSQL: Use PgBouncer or switch to Neon, PlanetScale, or Supabase. Regular Postgres will exhaust connections and crash your functions.

MongoDB users: Use connection pooling or your app will randomly fail with MongoNetworkError. I spent an entire weekend debugging this because the error only happened under load - worked fine with one user, died with five.

Third-Party Services: The Expensive Surprise

Payment processing gotchas:

• Stripe webhook URLs need to be updated to your production domain
• Don't forget to switch from test keys to live keys (I've done this more than once)
• Webhook endpoints need to be HTTPS in production

Email services that actually work in serverless:

• Resend - built for this
• SendGrid - reliable but expensive
• Postmark - good deliverability
• Don't use SMTP - it times out in serverless functions

File upload pain: Vercel functions have a 6MB request limit. Use Upstash or upload directly to S3/Cloudinary from the client.

Security Basics

Skip Content Security Policy unless you actually understand it. Most tutorials get it wrong and break your app. Here's what actually matters:

Security headers that won't break your app:

// next.config.mjs
const nextConfig = {
  async headers() {
    return [
      {
        source: '/(.*)',
        headers: [
          { key: 'X-Frame-Options', value: 'DENY' },
          { key: 'X-Content-Type-Options', value: 'nosniff' },
          { key: 'Referrer-Policy', value: 'strict-origin-when-cross-origin' },
          // Don't add CSP here unless you know what you're doing
        ],
      },
    ];
  },
};

Actually important security stuff:

• Don't commit secrets to git - use .env.local and add it to .gitignore
• Validate API inputs - use Zod or your endpoints will be exploited
• Rate limit your API routes - use Upstash Redis for simple rate limiting
• Use HTTPS everywhere - Vercel handles this but check your external API calls

Pre-Flight Checklist (Do This or Suffer)

Manual testing that catches 90% of issues:

1. Run the production build locally - npm run build && npm start
2. Check all your forms - do they actually submit?
3. Test authentication flows - login/logout/signup
4. Click every navigation link - are there any 404s?
5. Open browser dev tools - any console errors?
6. Test on mobile - responsive design breaks in weird ways
7. Check your API routes with curl - do they return what you expect?

## Test your API endpoints locally first (replace <your-app-name> with your actual domain)
curl -X POST https://<your-app-name>.vercel.app/api/auth/signin \
  -H \"Content-Type: application/json\" \
  -d '{\"email\":\"test@test.com\",\"password\":\"test\"}'

Bundle analysis (because Vercel will charge you):

## Check your bundle sizes
npm run build -- --analyze
open .next/analyze/client.html

## If any chunk is over 200kb, your users will hate you

Issues that often surface after deployment:

• Images that work locally but fail in production (wrong domains)
• API routes that timeout because you didn't test them with real data
• Authentication redirects that break because of environment URLs
• Database connections that worked with 1 user, fail with 10

I've learned to test everything thoroughly before deploying because debugging production issues at midnight is not fun. Trust the checklist.

Two ways to deploy: the "easy" dashboard way (breaks in mysterious ways) or CLI (breaks in more predictable ways). I'll show you both and the exact ways they'll screw you over because they definitely will.

Method 1: Dashboard Deploy (For People Who Like UI)

Step 1: Get Your Code Repository Ready

Push your code to GitHub/GitLab/Bitbucket. If you haven't done this already, start here.

## If you don't have git initialized yet
git init
git add .
git commit -m \"Initial commit before deployment\"

## Push to your remote (replace <username> and <repo-name> with your actual values)
git remote add origin https://github.com/<username>/<repo-name>.git
git push -u origin main

Gotcha: Make sure your package.json has the right build script configuration for Vercel. Vercel looks for npm run build by default. If yours is different, you'll need to configure it later according to the Vercel build configuration docs.

Step 2: The Vercel Song and Dance

1. Go to vercel.com and click "Sign up" (use GitHub OAuth, it's easier)
2. Click "New Project" (big blue button, hard to miss)
3. Import your repository (it should show up in the list)
4. Vercel pretends to auto-detect everything using their framework detection (it usually gets it right)

Step 3: Project Settings (Don't Touch Unless Broken)

Vercel's defaults usually work, but here's what actually matters:

• Framework Preset: Should be "Next.js" (if not, check your folder structure)
• Root Directory: ./ unless your Next.js app is in a subfolder (monorepo setup)
• Build Command: npm run build (stick with the default)
• Output Directory: .next (don't change this unless necessary)
• Install Command: npm install (or pnpm install if you're using pnpm)

Common issues:

• Monorepo setup: If your Next.js app is in apps/web, set Root Directory to apps/web (monorepo guide)
• Yarn/pnpm: Change Install Command to yarn or pnpm install (package manager docs)
• Custom build script: If you renamed build to something else in package.json (build commands reference)

Step 4: Environment Variables Hell

Here's where your deployment goes to die. Vercel's environment variables UI looks simple but it's a trap. They have three scopes (Development, Preview, Production) and the UI doesn't make it clear which one you're setting. I guarantee you'll fuck this up on your first deployment.

Add these in the Vercel dashboard (Project Settings → Environment Variables):

## Database (make sure it's production, not your local one)
DATABASE_URL=postgresql://user:pass@production-db.com:5432/myapp

## Authentication (generate new secret, don't reuse local one)
NEXTAUTH_SECRET=supersecretproductionstring
NEXTAUTH_URL=https://yourapp.vercel.app

## Payment processing (LIVE keys, not test keys)
STRIPE_SECRET_KEY=sk_live_...
STRIPE_PUBLISHABLE_KEY=pk_live_...

## Email service
RESEND_API_KEY=re_...

## Public vars (these get bundled into client code)
NEXT_PUBLIC_APP_URL=https://yourapp.vercel.app
NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY=pk_live_...

Understanding Vercel's environment scopes:

• Production: Used for production deployments (yourapp.com)
• Preview: Used for branch deployments (yourapp-git-feature.vercel.app)
• Development: Used when running vercel dev locally

Common mistakes:

• Adding secrets to Preview but not Production (or vice versa)
• Using test API keys in production (Stripe will be angry)
• Forgetting to update NEXTAUTH_URL to your production domain
• Not setting the same variable in all scopes (if needed)

Step 5: Deploy and Pray

Click the big "Deploy" button and hold your breath. If you're lucky, it takes 2-3 minutes. If you're unlucky (like me about 60% of the time), you'll get cryptic build errors that would make a PhD in computer science cry.

What Vercel does when you deploy:

1. Installs dependencies - if this fails, your package.json is fucked
2. Runs npm run build - if this fails, your code is fucked
3. Generates serverless functions - if this fails, your API routes are fucked
4. Uploads to edge network - if this fails, Vercel is fucked (rarely their fault)
5. Gives you a URL - something like your-app-abc123.vercel.app

Common build failures I've debugged:

"Cannot resolve module '../components/Header'" - Your imports are wrong. Check your relative paths and make sure you didn't accidentally import something that only exists locally. Usually it's a case sensitivity issue - Linux is pickier than macOS.

"Out of memory" - Your build is too big. Add this to package.json:

{
  \"scripts\": {
    \"build\": \"node --max-old-space-size=4096 ./node_modules/.bin/next build\"
  }
}

"Function execution timed out" - Your serverless function is doing too much. Break it down or increase the timeout in vercel.json.

"Cannot connect to database" - Your DATABASE_URL might be wrong, or your database doesn't allow connections from Vercel's IP range.

Method 2: CLI Deploy (For Terminal Users)

The CLI is more reliable for complex projects, but it has its own quirks.

Step 1: Install the CLI

npm install -g vercel
## If you get permissions errors on macOS/Linux:
sudo npm install -g vercel

Gotcha: If you're using nvm, the global install might break when you switch Node versions. Install it in each Node version you use.

Step 2: Login and Deal with Prompts

## This opens your browser for OAuth
vercel login

## Navigate to your project directory
cd your-nextjs-app

## Initialize (prepare for annoying prompts)
vercel

## The CLI will ask you dumb questions:
## \"Set up and deploy?\" → Yes (obviously)
## \"Which scope?\" → Your username (unless you have teams)
## \"Link to existing project?\" → No (if this is first deploy)
## \"Project name?\" → Whatever you want
## \"Directory?\" → ./ (unless you're in a monorepo)

CLI gotchas:

• Vercel stores config in .vercel/ - commit this folder to git
• First run creates the project - subsequent runs just deploy
• CLI auth tokens expire - you'll randomly get logged out and need to re-auth

Step 3: vercel.json Config (Advanced Configuration)

Most projects don't need a vercel.json, but if you need custom settings, here's what actually works:

{
  \"framework\": \"nextjs\",
  \"regions\": [\"iad1\", \"sfo1\"], // Only deploy to US East/West (faster builds)
  \"functions\": {
    \"app/api/**/*.ts\": {
      \"maxDuration\": 30 // Increase timeout for slow API routes
    }
  },
  \"headers\": [
    {
      \"source\": \"/api/(.*)\",
      \"headers\": [
        {
          \"key\": \"Cache-Control\", 
          \"value\": \"s-maxage=60, stale-while-revalidate\"
        }
      ]
    }
  ],
  \"redirects\": [
    {
      \"source\": \"/old-url\",
      \"destination\": \"/new-url\", 
      \"permanent\": true
    }
  ]
}

When you actually need vercel.json:

• Custom function timeouts - default is 10 seconds, some APIs need more
• Regional deployment - if you only serve specific regions
• Custom headers - for caching or security headers
• Redirects - for URL changes or SEO

Don't add vercel.json unless you need it - Vercel's defaults work for 90% of projects.

Step 4: Environment Variables via CLI

Setting env vars through CLI is tedious but sometimes necessary:

## Add variables one by one
vercel env add DATABASE_URL production
## It will prompt you to enter the value

## For each environment (production, preview, development)
vercel env add NEXTAUTH_SECRET production
vercel env add NEXTAUTH_SECRET preview  
vercel env add NEXTAUTH_SECRET development

## Pull production env vars to local file  
vercel env pull .env.local

CLI environment variable pain points:

• No bulk import - you have to add them one by one
• No easy editing - to change a value, you remove and re-add it
• Easy to forget scopes - forgetting to add to all environments

Pro tip: Use the dashboard for setting env vars. The CLI is only good for pulling them locally.

Step 5: Deploy Commands That Actually Work

## Deploy to production (do this after testing)
vercel --prod

## Deploy and follow logs (useful for debugging)
vercel --prod --debug

## Deploy specific branch to production  
git checkout main
vercel --prod

## Force rebuild (when cache is causing issues)
vercel --prod --force

Common CLI deployment issues:

• "No existing deployments" - run vercel first (without --prod) to create project
• "Invalid token" - your auth expired, run vercel login again
• "Build failed" - same issues as dashboard deploy, but better error messages
• "Deployment timed out" - your build is too slow, optimize or use CI/CD

When Your Deployment Inevitably Breaks

Custom Build Scripts (For Complex Projects)

If your app needs database migrations or code generation:

{
  \"scripts\": {
    \"build\": \"prisma generate && next build\",
    \"vercel-build\": \"prisma generate && prisma migrate deploy && next build\"
  }
}

Why vercel-build instead of build? Vercel runs vercel-build if it exists, build otherwise. Use this for production-specific build steps.

Build script gotchas:

• Long builds time out - Vercel has a 32GB RAM, 45-minute build limit on Pro plan
• Database migrations during build - risky, can break production if migration fails (best practices guide)
• API calls during build - might fail if external service is down (build-time data fetching)

Environment Strategy That Actually Works

## Preview deployments (branch deployments)
vercel                    # Deploys current branch

## Production deployment  
vercel --prod            # Only deploys from main/master branch

Branch deployment workflow I actually use:

1. Feature branches get preview deployments (yourapp-git-feature.vercel.app)
2. Main branch gets production deployment (yourapp.vercel.app)
3. Preview before production - test the preview URL before merging

Database Migration Reality Check

Don't run migrations during build unless you enjoy 3 AM incidents.

Safer approach:

{
  \"scripts\": {
    \"build\": \"prisma generate && next build\",
    \"migrate:prod\": \"prisma migrate deploy\"
  }
}

Run migrations separately:

## Deploy code first
vercel --prod

## Then run migrations (after confirming deployment works)
vercel env pull .env.local
npm run migrate:prod

Migration horror stories I've personally caused:

• Breaking schema change during deployment - app went down for 2 hours, customers couldn't checkout
• Migration failed mid-deployment - database in inconsistent state, had to manually fix 10k records
• Rollback impossible - had to fix migration forward instead of reverting, worked until 3am

Rule: Test migrations in preview environment with production-like data first.

CI/CD: Do You Actually Need It?

Hot take: Most small projects don't need CI/CD. Vercel's GitHub integration already does continuous deployment. Adding GitHub Actions is often overkill.

When you actually need CI/CD:

• Large team - multiple people pushing code (team collaboration guide)
• Complex tests - integration tests, E2E tests that take time (testing frameworks integration)
• Custom deployment steps - database migrations, cache clearing (custom workflows)
• Compliance requirements - need deployment approval workflows (enterprise features)

Simple GitHub Actions that actually helps:

name: Test before deploy
on: [pull_request]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'npm'
      - run: npm ci
      - run: npm run build
      - run: npm run test

This runs tests on PRs but lets Vercel handle actual deployment. Simple and effective.

Custom Domains: The DNS Nightmare

Adding a custom domain in Vercel:

1. Go to Project Settings → Domains
2. Add your domain (e.g., yourapp.com)
3. Configure DNS records (this is where it gets painful)

DNS settings that actually work:

## For root domain (yourapp.com)
A     @     76.76.19.61

## For www subdomain  
CNAME www   cname.vercel-dns.com

Common DNS issues:

• Wrong A record IP - Vercel's IP changed, check their docs
• Missing CNAME - www subdomain won't work without proper CNAME record
• DNS caching - changes take 24-48 hours to propagate globally
• Cloudflare proxy - turn off the orange cloud if using Vercel

Domain verification fails?

• Check DNS with dig yoursite.com
• Wait longer (DNS is slow as molasses)
• Try incognito mode to bypass local DNS cache

After Deployment: The Real Work Begins

Your app is live. Now what breaks?

1. Check the actual URL - does your site load?
2. Test all functionality - forms, auth, API routes
3. Check browser console - any errors?
4. Monitor Vercel logs - Functions tab shows API errors
5. Set up error tracking - Sentry will save your ass

Production debugging tools:

## Check deployment status
vercel logs yourapp.vercel.app

## Follow real-time logs  
vercel logs yourapp.vercel.app --follow

## Check specific function logs
vercel logs yourapp.vercel.app --since=1h

Real production issues I've personally debugged:

• Images showing 403 Forbidden - wrong Next.js Image domains config, forgot to add CDN domain
• API routes timing out after exactly 10 seconds - database connection pool exhausted, hit Vercel's function limit
• Authentication broken after deployment - NEXTAUTH_URL still set to localhost instead of production domain (classic mistake)
• CORS errors on preflight requests - API routes not handling OPTIONS requests properly
• "MongoNetworkError: connection timed out" - serverless cold starts with traditional connection pooling

The deployment is just the beginning. Production debugging at 3 AM is where you really learn.