Architecture Overview
Galey Cloud is a full-stack photo gallery application built with Next.js that requires three core services to operate:Required Services
Vercel
Hosts the Next.js application with:- Automatic deployments from Git
- Server-side rendering and API routes
- Edge network for global performance
- Analytics integration
Supabase
Provides backend services:- PostgreSQL database for albums and photo metadata
- Built-in authentication (email/password, OAuth)
- Row-level security policies
- Real-time capabilities
Vercel Blob
Handles file storage:- Scalable object storage for photos
- Automatic CDN distribution
- Public URL generation
- Integrated with Vercel platform
Prerequisites
Before deploying Galey Cloud, ensure you have:Vercel Account
Sign up at vercel.com (free tier available)
Supabase Account
Sign up at supabase.com (free tier available)
Deployment Steps Overview
The complete deployment process involves:Set up Supabase
Create project, run database migrations, configure authenticationSee Supabase Setup →
Configure environment variables
Gather all required API keys and connection stringsSee Environment Variables →
Deploy to Vercel
Connect repository, configure build settings, enable Vercel BlobSee Vercel Deployment →
Production Considerations
Performance
- Image Optimization: Next.js config uses
unoptimized: true. For production, consider enabling optimization or using a custom image CDN - Database Indexing: Add indexes on frequently queried columns (
user_id,album_id) - Connection Pooling: Supabase provides built-in connection pooling for scalability
Scalability
- Vercel Blob Limits: Free tier has storage and bandwidth limits. Monitor usage in Vercel dashboard
- Supabase Database: Free tier includes 500MB database. Plan for upgrades as user base grows
- Rate Limiting: Implement rate limiting on upload endpoints to prevent abuse
Monitoring
- Vercel Analytics: Already integrated via
@vercel/analytics/next(app/layout.tsx:3) - Error Tracking: Consider adding Sentry or similar for production error monitoring
- Database Metrics: Use Supabase dashboard to monitor query performance
Backup & Recovery
- Database Backups: Supabase Pro tier includes daily backups. Free tier requires manual exports
- Blob Storage: Vercel Blob doesn’t provide built-in backups. Consider periodic exports of critical images
- Migration Scripts: Keep SQL scripts in version control (scripts/001_create_albums.sql, scripts/002_create_photos.sql)
Security Best Practices
Environment Variables
- Store all secrets in Vercel environment variables
- Use
NEXT_PUBLIC_prefix only for variables that are safe to expose to the browser - Rotate API keys periodically
Authentication
- Enable email confirmation in Supabase Auth settings for production
- Configure password strength requirements
- Set up OAuth providers (Google, GitHub) for better UX
- Enable 2FA for Supabase and Vercel accounts
Database Security
- Row-level security (RLS) is enabled on all tables
- All policies enforce
auth.uid() = user_idto prevent data leaks - Never expose
service_rolekey to the client - Regularly review and audit RLS policies
File Upload Security
- Validate file types and sizes before upload
- Consider adding virus scanning for user-uploaded content
- Implement rate limiting on upload endpoints
- Set appropriate CORS policies
API Routes
- All API routes verify user authentication via Supabase
- Authorization checks ensure users can only access their own data
- Proper error handling prevents information disclosure
Next Steps
Supabase Setup
Configure your database and authentication
Environment Variables
Set up all required configuration
Vercel Deployment
Deploy your application to production