Installation

Installation

Message Center can be installed for development (Docker Compose + local Node.js) or production (Docker or Kubernetes).

First-Time Setup (Development)

# 1. Clone the repository
git clone <repo-url> sms-sender
cd sms-sender/admin/core_admin

# 2. Run first-time setup
make setup

make setup runs the following steps automatically:

1. Verifies Node.js 20+ and Yarn are installed
2. Installs Node.js dependencies (yarn install --frozen-lockfile)
3. Creates .env from .env.example (skipped if .env already exists)
4. Runs database migrations (make migrate)
5. Seeds the database (make seed) — creates the super_admin account and default workspace

After setup completes, fill in your .env with real values (see Environment Variables Reference), then start the dev server:

make dev

This starts MongoDB in Docker on port 27018 and Next.js on port 3000.

Production: Docker

Build the image

make docker-build
# or for multi-arch (amd64 + arm64):
make docker-build-multi

The Dockerfile produces a multi-stage standalone Next.js build with NEXT_TELEMETRY_DISABLED=1 in both builder and runner stages.

Run with Docker

docker run -p 3000:3000 \
  --env-file .env \
  -v /path/to/certs:/app/certs:ro \
  core-admin

Run migrations and seed

Run migrations before starting the app on every deploy — they are idempotent:

docker run --env-file .env core-admin yarn migrate
docker run --env-file .env core-admin yarn seed   # first time only

Docker Compose (production)

make prod-up       # Start production stack
make prod-migrate  # Run migrations
make prod-seed     # Seed (first time only)
make prod-down     # Stop
make prod-logs     # Stream logs

Production: Kubernetes

Apply manifests

# Dry run first
make k8s-dry-run

# Deploy to production
make k8s-deploy

# Check status
make k8s-status

Secrets setup (before first deploy)

Create the required Kubernetes Secrets:

# mTLS certificates
kubectl create secret generic message-center-mtls-certs \
  --from-file=ca.crt=certs/ca/ca.crt \
  --from-file=core.crt=certs/client/core.crt \
  --from-file=core.key=certs/client/core.key \
  -n default

# Application secrets
kubectl create secret generic message-center-secrets \
  --from-literal=NEXTAUTH_SECRET=<generate with: openssl rand -base64 32> \
  --from-literal=MONGODB_URI=mongodb://... \
  --from-literal=BFF_PROXY_EMAIL=... \
  --from-literal=BFF_PROXY_PASSWORD=... \
  --from-literal=CORE_ADMIN_API_KEY=... \
  -n default

Non-secret configuration goes in the ConfigMap (k8s/configmap.yaml):

data:
  NODE_ENV: "production"
  NEXTAUTH_URL: "https://admin.yourcompany.com"
  MONGODB_DB: "message_center"
  CORE_API_URL: "https://core.internal:8080"
  CORE_HEALTH_URL: "http://core.internal:8092/health"
  PROXY_LOGIN_URL: "https://proxy.internal:8088/api/v1/user/login"
  AUDIT_RETENTION_DAYS: "90"

Run migrations in Kubernetes

kubectl run -it --rm migrate \
  --image=<your-registry>/core-admin:latest \
  --restart=Never \
  --env-file=.env \
  -- yarn migrate

Deploy Checklist

Before every deploy:

• .env / Secrets updated with correct values
• make migrate (or equivalent) scheduled to run before pod restart
• mTLS certificates mounted correctly
• Health check endpoint /api/health accessible
• MongoDB reachable and authenticated
• NEXTAUTH_URL matches the actual HTTPS URL used by browsers
• NEXTAUTH_SECRET is a 32-byte random value (openssl rand -base64 32)

Verifying the Installation

After starting:

1. Open http://localhost:3000 (or your production URL).
2. Sign in with the super admin credentials printed during make seed.
3. Open the Diagnostics page and verify:
   • Core API shows OK
   • DB schema shows the current version (9)
   • Audit fallback shows file empty ✓

Next Steps

• mTLS Certificates — certificate structure and rotation
• MongoDB & Migrations — migration history and procedures
• Seeding & Bootstrap — super admin account details
• Environment Variables Reference — complete env var reference