The VideoHub backend ships with a production-readyDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/barcode8/VideoHub/llms.txt
Use this file to discover all available pages before exploring further.
Dockerfile that packages the Node.js API into a lightweight Alpine Linux container. You can run it anywhere Docker is available — a local machine, a VPS, a managed container service like AWS ECS, Google Cloud Run, or Railway — without modifying a single line of application code. All runtime configuration is supplied through environment variables at container start time.
Docker Deployment
Build the Docker image
From the Docker will pull
Backend/ directory, build the image and tag it as videohub-backend:node:26.4.0-alpine, install dependencies via npm ci, and copy the application source into the image. Subsequent builds reuse the dependency layer as long as package.json and package-lock.json have not changed.Run the container
Start the container and pass all required environment variables with The
-e flags:-p 5000:5000 flag maps port 5000 on the host to port 5000 inside the container. Adjust the host-side port if that port is already occupied.Dockerfile Details
Here is the completeDockerfile included in Backend/:
FROM node:26.4.0-alpine— pins an exact Node.js version on Alpine Linux to keep the image small (around 180 MB) and to guarantee reproducible builds.WORKDIR /app— all subsequent commands run relative to/appinside the container.COPY package*.json ./thenRUN npm ci— copying only the manifest files first means Docker caches the installednode_moduleslayer. A code-only change skips thenpm cistep entirely, making iterative builds much faster.npm ci— performs a clean install frompackage-lock.json, giving the same dependency tree every time.COPY . .— copies application source after dependencies are installed.EXPOSE 5000— documents the port; the actual binding is handled bydocker run -p.CMD ["npm", "start"]— runsnode src/index.js, which loads.env(or environment variables), validates the temp directory, connects to MongoDB, then starts the Express server.
Environment Variables Reference
All configuration is driven by environment variables. There are no hard-coded defaults in production code beyond the fallback port.| Variable | Required | Description |
|---|---|---|
PORT | Yes | Port the Express server listens on. Must match the Docker -p mapping. |
HOST | No | Network interface to bind. Defaults to 0.0.0.0 (all interfaces). |
CORS_ORIGIN | Yes | Exact origin allowed by the CORS middleware (e.g. https://app.example.com). |
MONGODB_URL | Yes | Full MongoDB connection string. The database name is appended automatically by the app. |
ACCESS_TOKEN_SECRET | Yes | Secret used to sign short-lived JWT access tokens. Use a long random string. |
ACCESS_TOKEN_EXPIRY | Yes | Lifetime of the access token (e.g. 1d, 15m). |
REFRESH_TOKEN_SECRET | Yes | Secret used to sign long-lived JWT refresh tokens. Must differ from ACCESS_TOKEN_SECRET. |
REFRESH_TOKEN_EXPIRY | Yes | Lifetime of the refresh token (e.g. 10d). |
DEFAULT_AVATAR | No | Cloudinary URL used as the avatar when a user registers without uploading one. |
DEFAULT_COVER_IMAGE | No | Cloudinary URL used as the channel cover image when none is provided. |
CLOUDINARY_API_KEY | Yes | API key from your Cloudinary dashboard. |
CLOUDINARY_SECRET_KEY | Yes | API secret from your Cloudinary dashboard. |
CLOUDINARY_CLOUD_NAME | Yes | Your Cloudinary cloud name (subdomain). |
Manual (Non-Docker) Deployment
If you prefer to run directly on a VPS or PaaS platform without Docker, follow these steps:Set environment variables
Create a
.env file (or export variables through your platform’s secrets manager) with all the values listed in the table above. At minimum you must provide MONGODB_URL, ACCESS_TOKEN_SECRET, REFRESH_TOKEN_SECRET, and all three Cloudinary credentials.Start the server
node src/index.js directly. For process management and automatic restarts on crash, wrap the command with a process manager such as PM2:Production Checklist
Before going live, verify the following:
- CORS origin — set
CORS_ORIGINto your exact frontend domain (e.g.https://videohub.example.com). A wildcard*will break cookie-based authentication becausecredentials: trueand wildcard origins are incompatible. - Strong JWT secrets — generate both secrets with
openssl rand -hex 64and store them in a secrets manager, not in plain text files. - HTTPS termination — run the Express server behind a reverse proxy (nginx, Caddy, or a cloud load balancer) that terminates TLS. HTTP-only cookies set without
secure: trueat the application layer are acceptable when TLS is handled upstream, but confirm your proxy forwards the correct protocol headers. - MongoDB network access — restrict your Atlas cluster’s IP access list to only the IP addresses of your production servers.
- Cloudinary upload presets — consider restricting unsigned uploads in your Cloudinary settings to prevent unauthenticated media uploads directly to your cloud.