Deployment
The project deploys to two platforms simultaneously: Cloudflare (primary, production) and optionally cPanel (legacy fallback).
Cloudflare (primary)
Section titled “Cloudflare (primary)”| Service | What |
|---|---|
| Cloudflare Pages | Frontend (React/Vite build) |
| Cloudflare Workers | Backend (Express via serverless-http) |
| Cloudflare D1 | Database (SQLite) |
| Cloudflare R2 | File storage |
Frontend deployment
Section titled “Frontend deployment”cd frontendnpm run build # outputs to frontend/dist/# Deploy dist/ to Cloudflare Pages# Or connect the repo to Cloudflare Pages for automatic deploys on pushThe frontend/public/_redirects and frontend/public/.htaccess files handle SPA routing (all paths → index.html).
Backend deployment
Section titled “Backend deployment”cd backendnpx wrangler deploywrangler.toml defines the Worker configuration:
- Entry point:
worker.js(wraps Express viaserverless-http) - D1 binding:
DB→ databaseshanvi-db - R2 binding:
BUCKET→ bucketshanvi-uploads nodejs_compatflag: required for Node.js globals in Workers
⚠️ Critical: Rotate hardcoded secrets immediately
Section titled “⚠️ Critical: Rotate hardcoded secrets immediately”wrangler.toml currently has JWT_SECRET and REFRESH_SECRET_KEY committed in plaintext. These values are compromised. To fix:
# Remove the [vars] entries for JWT_SECRET and REFRESH_SECRET_KEY from wrangler.toml# Then set them as proper Cloudflare secrets:npx wrangler secret put JWT_SECRETnpx wrangler secret put REFRESH_SECRET_KEYSecrets set via wrangler secret put are encrypted at rest and never appear in the dashboard or source control.
Environment variables in wrangler.toml
Section titled “Environment variables in wrangler.toml”Non-sensitive vars (like NODE_ENV, FRONTEND_URL) can stay in [vars]. Sensitive values must be Cloudflare secrets.
D1 database migrations
Section titled “D1 database migrations”To apply schema changes to the production D1 database:
# Apply a SQL file to production D1npx wrangler d1 execute shanvi-db --file=./your-migration.sql
# Apply to local D1 (for testing)npx wrangler d1 execute shanvi-db --local --file=./your-migration.sqlThe current codebase uses runtime
ALTER TABLEguards instead of explicit migration files. This is a known issue — see Known Issues for context and the recommended migration approach.
cPanel (legacy / fallback)
Section titled “cPanel (legacy / fallback)”The .cpanel.yml and backend/.htaccess files support deploying the Express server to a cPanel host as a traditional Node.js app with a MySQL database.
cPanel backend
Section titled “cPanel backend”- Upload
backend/to the server - Set environment variables in the Node.js app settings in cPanel
- Run
npm installand setserver.jsas the entry point - Point cPanel’s MySQL database credentials to
.env
cPanel frontend
Section titled “cPanel frontend”- Run
npm run buildlocally - Upload
frontend/dist/to thepublic_htmldirectory - The
frontend/public/.htaccesshandles SPA routing
Staging environment
Section titled “Staging environment”There is currently no dedicated staging environment. The apist.shanvitravel.com.np domain (referenced in frontend/src/config/api.ts) appears to be used as a staging API, but this is not formally documented.
Recommendation: Set up a proper staging Worker (wrangler.toml environments) and Cloudflare Pages preview branch so new features can be tested before hitting production.
# Add to wrangler.toml[env.staging]name = "shanvi-travels-backend-staging"vars = { NODE_ENV = "staging", FRONTEND_URL = "https://staging.shanvitravels.pages.dev" }
[[env.staging.d1_databases]]binding = "DB"database_name = "shanvi-db-staging"database_id = "<staging-db-id>"