Skip to main content

Deployment and Production

Deploy the admin panel after Firebase, roles, data setup, app-specific workflows, and production QA are complete. The admin panel is a privileged web application, so deployment should be handled with the same care as any backend service that can read and update production data.

Production Requirements

Use a hosting provider that supports Next.js server routes and secure server-side environment variables.

Recommended baseline:

RequirementRecommendation
Node.jsNode.js 20.9 or newer
Package managerYarn through Corepack
Framework supportNext.js App Router with server routes
FirebaseProduction Firebase project with Auth, Firestore, Storage, and any app-specific services enabled
SecretsServer-side environment variables managed by the hosting provider
HTTPSRequired for production login, cookies, uploads, and provider callbacks

Build locally before deploying:

corepack enable
corepack yarn install --immutable
corepack yarn typecheck
corepack yarn build

Environment Variables

Production needs two groups of Firebase values.

Public Firebase web config:

NEXT_PUBLIC_FIREBASE_API_KEY=
NEXT_PUBLIC_FIREBASE_AUTH_DOMAIN=
NEXT_PUBLIC_FIREBASE_PROJECT_ID=
NEXT_PUBLIC_FIREBASE_STORAGE_BUCKET=
NEXT_PUBLIC_FIREBASE_MESSAGING_SENDER_ID=
NEXT_PUBLIC_FIREBASE_APP_ID=

Server-only Firebase Admin SDK values:

FIREBASE_PROJECT_ID=
FIREBASE_CLIENT_EMAIL=
FIREBASE_PRIVATE_KEY=
FIREBASE_STORAGE_BUCKET=

The public values are safe to expose to the browser. The Admin SDK values are not. Add Admin SDK values only in the hosting provider's encrypted environment variable manager.

App-specific integrations may require additional values:

SENDGRID_API_KEY=
EMAIL_FROM_ADDRESS=
STRIPE_SECRET_KEY=
OPENAI_API_KEY=
TWILIO_ACCOUNT_SID=
TWILIO_AUTH_TOKEN=
GOOGLE_MAPS_API_KEY=

Only configure provider keys for features enabled in the selected app.

Security Settings

Before production:

  • set ADMIN_ALLOW_ID_TOKEN_SESSION_FOR_SMOKE=0;
  • remove development-only test accounts;
  • keep at least two owner accounts for recovery;
  • restrict who can assign owner roles;
  • keep service account JSON files out of Git and deployment artifacts;
  • store private keys as server-side secrets;
  • rotate credentials that were shared during setup;
  • verify Firestore and Storage rules for the React Native app;
  • confirm Audit Log records settings, uploads, imports, exports, and workflow actions.

Hosting Options

The admin panel is a standard Next.js application. Suitable hosting targets include:

  • Vercel;
  • Render;
  • Railway;
  • Fly.io;
  • a custom Node.js host;
  • any platform that supports Next.js server routes and secure environment variables.

Static-only hosting is not enough because the admin panel uses server routes for Firebase Admin SDK access, uploads, sessions, and protected workflow actions.

Deployment Verification

After deploying:

  1. open the production admin URL over HTTPS;
  2. sign in as an owner;
  3. open Dashboard and confirm metrics load;
  4. open Launch Checklist and resolve remaining warnings;
  5. save a harmless App Settings change;
  6. upload a small image through Media Library;
  7. export one entity as CSV;
  8. update one safe test record;
  9. confirm Audit Log records the actions;
  10. run the React Native app against the same Firebase project.

For app-specific verification, use the workflow page that matches your app:

  • Commerce: product, order, status update, campaign, export.
  • Appointments: provider, service, booking, status update.
  • Taxi: driver, car category, trip inspection, stuck-state recovery.
  • Listings: listing, image, map coordinate, visibility operation.
  • Social: report, moderation action, content visibility.
  • Dating: profile, report, safety workflow, discovery state.
  • Chat: conversation, message inspection, reviewed or escalated state.
  • GPT Chat: assistant conversation and usage diagnostics.
  • Video Chat: AV call and connection status inspection.

Monitoring and Maintenance

During the first production period:

  • review Audit Log daily;
  • monitor Firebase usage and billing;
  • monitor upload failures and provider errors;
  • review campaign sends and notification delivery;
  • remove unused admin users;
  • export important operational data before large bulk changes;
  • rotate provider secrets on your normal security schedule;
  • keep the admin panel and React Native app connected to the same Firebase project.

Common Deployment Issues

IssueWhat to check
Login works locally but not in productionFirebase web config, authorized domains, HTTPS, cookie settings.
Dashboard opens but API routes failMissing Admin SDK server variables, private key newline formatting, wrong project ID.
Upload failsStorage bucket name, Admin SDK permissions, file size limit, Storage service enabled.
Data is emptyAdmin panel and mobile app point to different Firebase projects or collections.
Campaigns failProvider API key, sender identity, broadcast limit, user email or push token data.
Build failsNode version, lockfile state, TypeScript errors, missing required environment assumptions.

Next Steps