NEXTDEVKIT DocsCloudflare Workers
Environment variable configuration for Cloudflare Workers deployment
This configuration is ideal for edge computing with global distribution and cost-effective scaling. Cloudflare Workers provide excellent performance with built-in CDN and edge computing capabilities.
🚀 Core Application Settings
| Variable | Description | Example | Required |
|---|---|---|---|
BETTER_AUTH_SECRET | Secret key for Better Auth session encryption | your-32-character-secret-key | ✅ |
BETTER_AUTH_URL | Base URL of your application | https://yourdomain.com | ✅ |
NEXT_PUBLIC_APP_URL | Public URL for client-side usage | https://yourdomain.com | ✅ |
BETTER_AUTH_SECRET is a random string used for encryption and generating hashes. You can generate a secure 32-character key using the following command:
# Generate a secure 32-character key
openssl rand -base64 32Cloudflare Workers and Next.js core configurations are essentially identical, except for database configuration, because Cloudflare Workers has built-in D1 database connection, so there's no need to configure DATABASE_URL.
If you need to use PostgreSQL or other databases, you need to configure DATABASE_URL and modify the related code. You can refer to the configuration in Next.js deployment.
For more D1 database configuration, please refer to:
Cloudflare D1
Set up your Cloudflare D1 database with Drizzle ORM.
📧 Email Configuration
| Variable | Description | Example | Required |
|---|---|---|---|
RESEND_API_KEY | API key for Resend email service | re_123456789 | ❌ |
RESEND_AUDIENCE_ID | Audience ID for newsletter functionality | aud_123456789 | ❌ |
If you need to enable password login functionality, which requires sending emails for email verification, you need to set RESEND_API_KEY. If you need to enable newsletter functionality, you need to set RESEND_AUDIENCE_ID.
If you only enable social media login and don't need transactional emails or newsletter functionality, you don't need to set RESEND_API_KEY and RESEND_AUDIENCE_ID.
For more email-related configuration, please refer to:
Configure email templates and newsletter functionality for user communication.
🔐 OAuth Provider Settings
GitHub OAuth
| Variable | Description | Example | Required |
|---|---|---|---|
GITHUB_CLIENT_ID | GitHub App Client ID | a629723d24c123456 | ❌ |
GITHUB_CLIENT_SECRET | GitHub App Client Secret | abc123def456ghi789jkl012 | ❌ |
If you need to enable GitHub login functionality, you need to set GITHUB_CLIENT_ID and GITHUB_CLIENT_SECRET.
Google OAuth
| Variable | Description | Example | Required |
|---|---|---|---|
GOOGLE_CLIENT_ID | Google OAuth Client ID | 123456789-abc123.apps.googleusercontent.com | ❌ |
GOOGLE_CLIENT_SECRET | Google OAuth Client Secret | GOCSPX-abc123def456ghi789 | ❌ |
If you need to enable Google login functionality, you need to set GOOGLE_CLIENT_ID and GOOGLE_CLIENT_SECRET.
For more OAuth-related configuration, please refer to:
Authentication
Set up user authentication and authorization with support for multiple providers including OAuth.
💳 Payment Integration (Stripe)
| Variable | Description | Example | Required |
|---|---|---|---|
STRIPE_SECRET_KEY | Stripe secret key for server-side operations | sk_test_123... or sk_live_123... | ❌ |
STRIPE_WEBHOOK_SECRET | Webhook endpoint secret for Stripe events | whsec_123456789 | ❌ |
NEXT_PUBLIC_PRICE_ID_PRO_MONTHLY | Stripe price ID for monthly pro plan | price_123456789 | ❌ |
NEXT_PUBLIC_PRICE_ID_PRO_YEARLY | Stripe price ID for yearly pro plan | price_987654321 | ❌ |
NEXT_PUBLIC_PRICE_ID_LIFETIME | Stripe price ID for lifetime plan | price_555666777 | ❌ |
For more payment-related configuration, please refer to:
Payment
Integrate Stripe to handle payments and subscriptions with flexible pricing plans.
📁 Storage Configuration
| Variable | Description | Example | Required |
|---|---|---|---|
NEXT_PUBLIC_AVATARS_BUCKET_NAME | S3 bucket name for avatar uploads | my-app-avatars | ❌ |
This configuration should match the bucket name configured in your S3 or Cloudflare R2.
🌍 Cloudflare R2 Configuration
| Variable | Description | Example | Required |
|---|---|---|---|
STORAGE_REGION | Cloudflare R2 region | auto | ❌ |
STORAGE_ACCESS_KEY_ID | Cloudflare R2 access key | xxx | ❌ |
STORAGE_SECRET_ACCESS_KEY | Cloudflare R2 secret key | xxx | ❌ |
STORAGE_ENDPOINT | Cloudflare R2 endpoint | https://xxx.r2.cloudflarestorage.com | ❌ |
Storage
Set up file storage solutions for your application assets and user uploads.
📊 Analytics Configuration
| Variable | Description | Example | Required |
|---|---|---|---|
NEXT_PUBLIC_GOOGLE_ANALYTICS_ID | Google Analytics website ID | G-xxx | ❌ |
NEXT_PUBLIC_UMAMI_WEBSITE_ID | Umami Analytics website ID | xxx | ❌ |
NEXT_PUBLIC_UMAMI_SCRIPT_URL | Umami Analytics script URL | https://xxx.js | ❌ |
NEXT_PUBLIC_PLAUSIBLE_DOMAIN | Plausible Analytics domain | xxx | ❌ |
NEXT_PUBLIC_PLAUSIBLE_SCRIPT_URL | Plausible Analytics script URL | https://xxx.js | ❌ |
For more analytics-related configuration, please refer to:
Analytics
Track user behavior and application performance with integrated analytics solutions.
💰 Affiliate Marketing Configuration
| Variable | Description | Example | Required |
|---|---|---|---|
NEXT_PUBLIC_AFFILIATE_AFFONSO_ID | Affonso affiliate ID | xxx | ❌ |
NEXT_PUBLIC_AFFILIATE_AFFONSO_ID is the Affonso affiliate ID used to track promotional effectiveness.
For more affiliate-related configuration, please refer to:
Affiliate
Integrate Affonso to handle affiliate tracking.
📝 .env File Example
BETTER_AUTH_SECRET=
BETTER_AUTH_URL=http://localhost:3000
NEXT_PUBLIC_APP_URL=http://localhost:3000
# ---------Email----------
RESEND_API_KEY=
RESEND_AUDIENCE_ID=
# ---------Auth----------
GITHUB_CLIENT_ID=
GITHUB_CLIENT_SECRET=
GOOGLE_CLIENT_ID=
GOOGLE_CLIENT_SECRET=
# ---------Payment----------
STRIPE_SECRET_KEY=sk_test_
STRIPE_WEBHOOK_SECRET=whsec_
NEXT_PUBLIC_PRICE_ID_PRO_MONTHLY=price_
NEXT_PUBLIC_PRICE_ID_PRO_YEARLY=price_
NEXT_PUBLIC_PRICE_ID_LIFETIME=price_
# ---------Storage----------
NEXT_PUBLIC_AVATARS_BUCKET_NAME=nextdevkit-avatars
# Cloudflare R2
STORAGE_REGION=auto
STORAGE_ACCESS_KEY_ID=
STORAGE_SECRET_ACCESS_KEY=
STORAGE_ENDPOINT=https://xxx.r2.cloudflarestorage.com
# ---------Analytics----------
NEXT_PUBLIC_GOOGLE_ANALYTICS_ID=G-xxx
# Umami Analytics
NEXT_PUBLIC_UMAMI_WEBSITE_ID=
NEXT_PUBLIC_UMAMI_SCRIPT_URL=
# Plausible Analytics
NEXT_PUBLIC_PLAUSIBLE_DOMAIN=
NEXT_PUBLIC_PLAUSIBLE_SCRIPT_URL=
# ---------Affiliate----------
NEXT_PUBLIC_AFFILIATE_AFFONSO_ID=🛠️ Development vs Production Environment
Development Environment
- Use local URLs with
http://localhost:3000 - Use Stripe test keys (starting with
sk_test_) - OAuth redirect URIs should point to localhost
Production Environment
- Use actual domain names for all URLs
- Use Stripe production keys (starting with
sk_live_) - Configure production redirect URIs for OAuth providers
- Ensure all secrets are properly secured and rotated regularly
Production environment variables only need to be configured once, either in .env.production or in wrangler.jsonc.
If you are deploying locally, you can choose to use .env.production directly without configuring it in wrangler.jsonc.
If you are a team that needs to set up a pipeline for CICD deployment, you can consider putting the production environment variables in wrangler.jsonc and then using secrets management like GitHub secrets to deploy the secrets.
For convenience, I usually create a .env.production file locally, put the production environment variables directly in it, and run the deploy command without configuring environment variables in wrangler.jsonc.