CertFlow — Next.js + MongoDB + Docker

Tech Stack

Layer	Tech
Fullstack	Next.js 14 App Router
Database	MongoDB Atlas (or self-hosted MongoDB 7)
Auth	JWT (httpOnly cookie + Bearer header)
Payments	Razorpay
PDF/Image	canvas + pdfkit + sharp
Email	Nodemailer (SMTP)
Deploy	Docker + Nginx on any VPS

---

🚀 Quick Start (Local Dev)

# 1. Install dependencies
npm install

# 2. Configure environment
cp .env.example .env.local
# Edit .env.local with your values (MongoDB URI, SMTP, etc.)

# 3. Seed database (creates admin user + default settings)
npm run seed

# 4. Start dev server
npm run dev
# → http://localhost:3000

---

🐳 Docker Deployment (VPS)

Prerequisites

• VPS with Docker + Docker Compose installed
• Domain pointed to your VPS IP
• SSL certificate (see below)

Step 1 — Clone & configure

git clone https://github.com/yourorg/certflow.git
cd certflow
cp .env.example .env
nano .env   # Fill in all values

Step 2 — SSL certificate

# Using Certbot (recommended)
apt install certbot
certbot certonly --standalone -d yourdomain.com

# Copy certs to nginx/ssl/
mkdir -p nginx/ssl
cp /etc/letsencrypt/live/yourdomain.com/fullchain.pem nginx/ssl/
cp /etc/letsencrypt/live/yourdomain.com/privkey.pem nginx/ssl/

Step 3 — Update Nginx config

Edit nginx/certflow.conf:

server_name yourdomain.com www.yourdomain.com;

Step 4 — Deploy

# Build and start everything
docker-compose up -d --build

# Seed the database
docker-compose exec app node scripts/seed.js

# View logs
docker-compose logs -f app

Step 5 — Verify

https://yourdomain.com          → Landing page
https://yourdomain.com/admin    → Admin panel (use seeded credentials)
https://yourdomain.com/api/health → {"status":"ok","db":"connected"}

---

🌿 Using MongoDB Atlas (Recommended)

1. Go to cloud.mongodb.com → Create free cluster
2. Database Access → Add user with password
3. Network Access → Allow 0.0.0.0/0 (or your VPS IP)
4. Connect → Drivers → Copy connection string
5. Set in .env:

   MONGODB_URI=mongodb+srv://username:password@cluster0.xxxxx.mongodb.net/certflow
   

6. Comment out the mongo service in docker-compose.yml (you don't need local MongoDB)

---

⚙️ Key Environment Variables

NEXT_PUBLIC_APP_URL=https://yourdomain.com
MONGODB_URI=mongodb+srv://...
JWT_SECRET=<random 64-char string>
RAZORPAY_KEY_ID=rzp_live_xxx
RAZORPAY_SECRET=xxx
SMTP_HOST=smtp.sendgrid.net
SMTP_PORT=587
SMTP_USER=apikey
SMTP_PASS=SG.xxx
SMTP_FROM_EMAIL=noreply@yourdomain.com

---

👤 Creating Admin Account

Run the seed script after deployment:

# Local
ADMIN_EMAIL=you@domain.com ADMIN_PASSWORD=SecurePass123! npm run seed

# Docker
docker-compose exec app node scripts/seed.js

Or promote any existing user in MongoDB:

db.users.updateOne({ email: "you@domain.com" }, { $set: { plan: "admin", certsLimit: 999999 } })

---

📁 File Storage

By default, files are stored in the uploads/ directory (mounted as a Docker volume).

For production at scale, switch to S3:

1. npm install @aws-sdk/client-s3 @aws-sdk/lib-storage
2. Replace fs.writeFileSync calls in src/app/api/templates/route.js and src/lib/certGenerator.js with S3 uploads
3. Return S3 URLs instead of local paths

---

🔒 Security Checklist

• JWT_SECRET = random 64+ char string
• ENCRYPTION_KEY = random 32 char string
• Razorpay set to live mode in admin panel
• Remove MongoDB port exposure (27017) from docker-compose.yml in production
• Set NEXT_PUBLIC_APP_URL to your real domain
• Renew SSL certs (Certbot auto-renews if configured)

---

📋 API Routes Reference

Method	Route	Auth	Description
POST	/api/auth/register	—	Register new user
POST	/api/auth/login	—	Login, returns JWT
POST	/api/auth/google	—	Google OAuth
GET	/api/users/me	✓	Current user profile
GET	/api/users/stats	✓	Dashboard stats
GET	/api/templates	✓	List user templates
POST	/api/templates	✓	Upload template
GET	/api/campaigns	✓	List campaigns
POST	/api/campaigns	✓	Create + start campaign
GET	/api/campaigns/[id]	✓	Campaign detail + stats
GET	/api/campaigns/[id]/export	✓	Export CSV
GET	/api/certificates	✓	List certificates
POST	/api/certificates/[id]/resend	✓	Resend email
GET	/api/public/verify/[certId]	—	Public verification
POST	/api/payments/create-order	✓	Create Razorpay order
POST	/api/payments/verify	✓	Verify payment + upgrade
GET	/api/admin/overview	Admin	Platform stats
GET	/api/admin/users	Admin	List users
PUT	/api/admin/users	Admin	Update user
GET	/api/admin/settings	Admin	Get settings
PUT	/api/admin/settings	Admin	Update settings
GET	/api/health	—	Health check

---

🔄 Updating Production

git pull
docker-compose up -d --build app
docker-compose logs -f app

---

© 2025 CertFlow