Ci/Cd

If you still run next build directly on the production server — your server is really suffering. CPU pegged, OOM-kill, 502 errors and long downtimes — this is a classic that needs to end.

In 2026 the industry standard is separate builds:

1. Build a minimal standalone image in the cloud (GitHub Actions).
2. Push it to GHCR (GitHub Container Registry).
3. On the server do only pull + atomic restart.

Chapter 1. The ideal Dockerfile (Multi-stage + Standalone)

The whole secret to a small and fast image is the standalone mode. Next.js itself figures out which files and parts of node_modules are actually needed to run the server, and copies only them.

When a project moves beyond local development and starts using CI/CD, a fundamental question arises: how to securely pass configuration parameters into build and deployment pipelines. This concerns not only database passwords, but also container registry tokens, SSH keys, JWT signing keys, message queue connection strings, and any other parameters that must not be stored in plain text.

Sensitive data ending up in a Git repository is not just bad practice. The commit history is kept forever. Even if a secret is removed in a later commit, it has already become part of the history and can be retrieved via git log, git show or when cloning a fork. In a corporate environment this becomes a real risk during audits, team expansion, or if repository access is leaked.

Write a Dockerfile simply: FROM node, COPY ., CMD run. It works, and for local tests this is often enough. But when such an image reaches CI/CD or, God forbid, production, problems begin: builds take forever, the image weighs gigabytes, and the security team grabs their heads.

The difference between “it works” and “it works correctly” is huge. Let’s go through four levels of optimization that separate a hobbyist hack from a reliable engineering solution.

Over the last ten years the web application deployment industry has evolved from FTP scripts and rsync to highly complex orchestration systems. Today developers and small teams increasingly face a difficult choice:

• either pay a significant premium for the convenience of PaaS platforms (Heroku, Render, Fly.io),
• or dive into the cognitive and operational complexity of Kubernetes.

Kamal offers a third way: the convenience of modern cloud services — on your own server.

Moving to the cloud or changing providers is always open-heart surgery. An engineer has to solve a lot of issues: how to move terabytes of data with minimal downtime? How to convert the schema? How to set up CDC (Change Data Capture) so as not to lose a single transaction during the switch?

Each major cloud provider has its own answer. Approaches are radically different: some provide just a “pipe” for data, some — a full ETL combine, some make migration serverless and as trouble-free as possible.