Insolitum Developers
Guides

Deployment

Deploy your Insolitum Universe module to Vercel, Railway, or Docker. HTTPS, CSP headers, and production configuration.

Deployment

Your module needs to be deployed on a publicly accessible URL with HTTPS before it can be added to Universe Shell or submitted to the marketplace.

Vercel is the recommended platform for Next.js modules — zero config, automatic HTTPS, and global CDN.

Push your module code to a Git repository (GitHub, GitLab, or Bitbucket).

Create a new project on vercel.com and import the repository.

Configure environment variables in the Vercel dashboard:

VariableValue
NEXT_PUBLIC_SUPABASE_URLhttps://your-project.supabase.co
NEXT_PUBLIC_SUPABASE_ANON_KEYYour Supabase anon key
NEXT_PUBLIC_MODULE_IDYour module slug
NEXT_PUBLIC_MODULE_VERSION1.0.0
NEXT_PUBLIC_WS_URLwss://ws.insolitum.ai (if using NATS)

Deploy. Your module is live at https://your-module.vercel.app.

Railway

For modules that need a custom backend or Docker:

Dockerfile
FROM node:18-alpine AS builder
WORKDIR /app
COPY package.json pnpm-lock.yaml ./
RUN npm install -g pnpm && pnpm install --frozen-lockfile
COPY . .
RUN pnpm build
 
FROM node:18-alpine AS runner
WORKDIR /app
COPY --from=builder /app/.next/standalone ./
COPY --from=builder /app/.next/static ./.next/static
COPY --from=builder /app/public ./public
 
ENV PORT=3010
EXPOSE 3010
CMD ["node", "server.js"]

The output: 'standalone' setting in next.config.ts creates an optimized self-contained build.

CSP Headers Configuration

Your module must allow iframe embedding from Insolitum domains. This is configured in next.config.ts:

next.config.ts
const nextConfig = {
  output: 'standalone',
  async headers() {
    return [
      {
        source: '/(.*)',
        headers: [
          {
            key: 'X-Frame-Options',
            value: 'ALLOWALL',
          },
          {
            key: 'Content-Security-Policy',
            value: "frame-ancestors 'self' https://*.insolitum.ai http://localhost:*",
          },
        ],
      },
    ];
  },
};

If your module has X-Frame-Options: DENY, it will not load in Universe Shell and will fail marketplace validation.

HTTPS Requirement

  • Production: HTTPS is mandatory. Vercel and Railway provide it automatically.
  • Development: http://localhost:* is allowed for local testing.
  • The marketplace validator will reject modules without HTTPS.

Security Headers

For the best validation score, include these security headers:

headers: [
  { key: 'X-Content-Type-Options', value: 'nosniff' },
  { key: 'X-XSS-Protection', value: '1; mode=block' },
  { key: 'Referrer-Policy', value: 'strict-origin-when-cross-origin' },
  { key: 'Strict-Transport-Security', value: 'max-age=31536000; includeSubDomains' },
]

Custom Domain

To use a custom domain (e.g., mymodule.example.com):

  1. Add the domain in your hosting provider (Vercel/Railway)
  2. Configure DNS (CNAME or A record)
  3. Update the deploy_url in your marketplace submission

Health Monitoring

Universe Shell periodically checks your module's health endpoint:

GET https://your-module.vercel.app/api/health

Requirements:

  • Must return 200 OK
  • Must return { status: "ok" } in the JSON body
  • Response time should be under 500ms

If the health check fails repeatedly, the module may be temporarily deactivated in the Shell.

Previous

Testing

Next

Marketplace Submission

On this page