Skip to main content
SolBid uses environment variables to configure the Next.js application and WebSocket server. This guide covers all required and optional environment variables for local development and production.

Next.js app environment variables

Create a .env file in the next-app/ directory with the following variables:

Database

DATABASE_URL="postgresql://username:password@localhost:5432/solbid"
PostgreSQL connection string used by Prisma. Format: 
postgresql://USER:PASSWORD@HOST:PORT/DATABASE
For local development, you can use a local PostgreSQL instance. For production, use a managed database service like Supabase or Neon.

Authentication

NEXTAUTH_SECRET="your-nextauth-secret-key"
NEXTAUTH_URL="http://localhost:3000"
Secret key used by NextAuth.js for encrypting tokens and session data. Generate a secure random string:
openssl rand -base64 32
The canonical URL of your site. For local development, use http://localhost:3000. For production, use your deployed URL.

OAuth providers

GOOGLE_CLIENT_ID="your-google-client-id"
GOOGLE_CLIENT_SECRET="your-google-client-secret"
Google OAuth credentials for social authentication. Get these from the Google Cloud Console.
1

Create OAuth credentials

  1. Go to Google Cloud Console
  2. Create a new project or select an existing one
  3. Enable the Google+ API
  4. Go to Credentials → Create Credentials → OAuth client ID
2

Configure authorized URLs

Add these authorized redirect URIs:
  • Local: http://localhost:3000/api/auth/callback/google
  • Production: https://yourdomain.com/api/auth/callback/google

Email service

EMAIL_SERVER="smtp.example.com"
EMAIL_PORT="587"
EMAIL_USER="[email protected]"
EMAIL_PASSWORD="your-email-password"
EMAIL_FROM="[email protected]"
SMTP configuration for sending OTP emails and notifications. You can use services like:
  • Gmail (requires app-specific password)
  • SendGrid
  • AWS SES
  • Mailgun
If using Gmail, enable 2FA and create an app-specific password.

Cloudinary (image uploads)

CLOUDINARY_CLOUD_NAME="your-cloud-name"
CLOUDINARY_API_KEY="your-api-key"
CLOUDINARY_API_SECRET="your-api-secret"
Cloudinary credentials for user profile image uploads. Sign up at cloudinary.com to get these credentials.

WebSocket connection

NEXT_PUBLIC_WSS_URL="ws://localhost:8080"
WebSocket server URL for real-time game updates. The NEXT_PUBLIC_ prefix makes this variable available in the browser. 
NEXT_PUBLIC_WSS_URL="ws://localhost:8080"

JWT secret (shared)

NEXT_PUBLIC_SECRET="your-jwt-secret-key"
Shared secret for JWT token verification between the Next.js app and WebSocket server.
This secret must be identical in both the Next.js app and WebSocket server .env files.

WebSocket server environment variables

Create a .env file in the ws/ directory: 
PORT="8080"
NEXT_PUBLIC_SECRET="your-jwt-secret-key"

PORT

Port number for the WebSocket server. Default is 8080.

NEXT_PUBLIC_SECRET

JWT secret for verifying tokens from the Next.js app. Must match the NEXT_PUBLIC_SECRET in the Next.js .env file.

Example configuration files

# Database
DATABASE_URL="postgresql://postgres:password@localhost:5432/solbid"

# NextAuth
NEXTAUTH_SECRET="your-generated-secret-key-here"
NEXTAUTH_URL="http://localhost:3000"

# Google OAuth
GOOGLE_CLIENT_ID="123456789-abcdefg.apps.googleusercontent.com"
GOOGLE_CLIENT_SECRET="GOCSPX-abcdefghijklmnop"

# Email (Gmail example)
EMAIL_SERVER="smtp.gmail.com"
EMAIL_PORT="587"
EMAIL_USER="[email protected]"
EMAIL_PASSWORD="your-app-specific-password"
EMAIL_FROM="[email protected]"

# Cloudinary
CLOUDINARY_CLOUD_NAME="your-cloud-name"
CLOUDINARY_API_KEY="123456789012345"
CLOUDINARY_API_SECRET="abcdefghijklmnopqrstuvwxyz"

# WebSocket
NEXT_PUBLIC_WSS_URL="ws://localhost:8080"

# JWT Secret (shared with WS server)
NEXT_PUBLIC_SECRET="your-shared-jwt-secret"

Environment-specific configurations

For local development:
  • Use http://localhost:3000 for the Next.js app
  • Use ws://localhost:8080 for WebSocket connections
  • Use a local PostgreSQL database
  • Use local Redis instance
For production deployment:
  • Use HTTPS URLs for the Next.js app
  • Use WSS (secure WebSocket) URLs
  • Use managed database services (Supabase, Neon, etc.)
  • Use managed Redis services (Upstash, Redis Cloud, etc.)
  • Generate strong, unique secrets for all keys

Security best practices

Never commit .env files to version control. The .gitignore file is already configured to exclude them.
  • Generate strong random secrets for NEXTAUTH_SECRET and NEXT_PUBLIC_SECRET
  • Use different secrets for development and production
  • Rotate secrets regularly in production
  • Use environment variable management tools (Vercel, AWS Systems Manager, etc.) in production
  • Limit OAuth redirect URIs to your actual domains
  • Use read-only database credentials where possible

Verifying configuration

After setting up your environment variables:
1

Check database connection

cd next-app
npx prisma db pull
This should connect successfully if DATABASE_URL is correct.
2

Test the Next.js app

pnpm run dev
Check the console for any missing environment variable warnings.
3

Test the WebSocket server

cd ws
pnpm run dev
The server should start without errors.

Next steps

Build docs developers (and LLMs) love

Get started for freeTalk to us