Domain & DNS
For NuxtBase, domain alignment is not just a cosmetic DNS step.
Several parts of the product depend on the final public origin being correct:
- Better Auth
- email callback URLs
- OAuth callback URLs
- Stripe return URLs
- webhook verification links
- sitemap and SEO output
The Core Production URLs
At minimum, these values must reflect your real production domain:
NUXT_PUBLIC_SITE_URL=https://app.example.com
BETTER_AUTH_URL=https://app.example.com
If those values point at the wrong host, auth and callback flows will drift.
If you are using passkeys, also review this value carefully:
BETTER_AUTH_PASSKEY_RP_ID=app.example.com
The template prefers an explicit passkey RP ID when one is set. That means a
leftover local value such as localhost can survive a production URL change
and still break passkey behavior even if NUXT_PUBLIC_SITE_URL and
BETTER_AUTH_URL are already correct.
Why Origin Consistency Matters
The template contains explicit same-origin behavior in several places.
For example:
- billing return URLs must match the origin of NUXT_PUBLIC_SITE_URL
- Better Auth callbacks should point back to the same production app
- passkeys can bind to an explicit RP ID instead of inferring from the auth URL
- waitlist and email verification links are built from NUXT_PUBLIC_SITE_URL
That means “the app is live on one domain but env vars still point elsewhere” is not a harmless mismatch.
DNS And TLS Checklist
Before launch, confirm:
- DNS points the production hostname to your app
- HTTPS is enabled
- the final certificate is valid
- reverse proxy headers are correct if you are behind a platform proxy
- BETTER_AUTH_PASSKEY_RP_ID is updated, cleared, or intentionally set for the production hostname
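
The environment-variable items in this checklist can be checked mechanically before a deploy. The following is an added example, not code from NuxtBase or Better Auth: `checkOriginConfig` and `parseUrl` are hypothetical helpers, and the check assumes NUXT_PUBLIC_SITE_URL and BETTER_AUTH_URL are meant to share one origin, as in the values shown earlier.

```javascript
// Added example, not NuxtBase code: checkOriginConfig is a hypothetical helper.
// Returns human-readable problems for the origin variables on this page.
function parseUrl(name, value, problems) {
  if (!value) {
    problems.push(`${name} is not set`);
    return null;
  }
  let url;
  try {
    url = new URL(value);
  } catch {
    problems.push(`${name} is not a valid absolute URL: ${value}`);
    return null;
  }
  if (url.protocol !== 'https:') problems.push(`${name} must use https in production`);
  return url;
}

function checkOriginConfig(env) {
  const problems = [];
  const site = parseUrl('NUXT_PUBLIC_SITE_URL', env.NUXT_PUBLIC_SITE_URL, problems);
  const auth = parseUrl('BETTER_AUTH_URL', env.BETTER_AUTH_URL, problems);

  // Assumption: both variables are meant to share one origin, as in the values above.
  if (site && auth && site.origin !== auth.origin) {
    problems.push(`origin mismatch: site=${site.origin} auth=${auth.origin}`);
  }

  // An explicit RP ID wins over inference, so a stale one must be caught here.
  const rpId = (env.BETTER_AUTH_PASSKEY_RP_ID || '').trim().toLowerCase();
  const app = auth || site;
  if (rpId && app) {
    // Simplified WebAuthn rule: RP ID equals the host or is a parent domain of it.
    // Browsers also reject public suffixes such as "com"; that is not checked here.
    const host = app.hostname;
    if (host !== rpId && !host.endsWith('.' + rpId)) {
      problems.push(`BETTER_AUTH_PASSKEY_RP_ID=${rpId} does not cover host ${host}`);
    }
  }
  return problems;
}

// Constructed sample: URLs moved to production, RP ID left over from local development.
const sampleEnv = {
  NUXT_PUBLIC_SITE_URL: 'https://app.example.com',
  BETTER_AUTH_URL: 'https://app.example.com',
  BETTER_AUTH_PASSKEY_RP_ID: 'localhost',
};
console.log(checkOriginConfig(sampleEnv));
```

In a deploy step, pass `process.env` instead of the sample object and fail the build when the returned list is not empty.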
OAuth And Provider Console Updates
When switching from local to production, update provider dashboards too.
At minimum, revisit:
- Google OAuth allowed origins and redirect URIs
- GitHub OAuth callback URL
- Stripe webhook endpoint and signing secret
- email sender domain configuration
These are not inferred automatically from your deploy platform.
Multi-Domain Warning
If you plan to use different public domains for marketing and app traffic, document that choice carefully and map every callback explicitly.
The template assumes a coherent app origin for many features, so avoid unnecessary domain sprawl until the base deployment is stable.