Next.js 15 Server Actions fail with “Failed to find Server Action” when deployed with Nixpacks
Answered
British Shorthair posted this in #help-forum
British ShorthairOP
I’m deploying a Next.js 15 app (App Router with Server Actions) to a VPS using Dokploy and Nixpacks. The app starts successfully, but any Server Action fails with
I have already verified that:
- Only one container is running
- DNS is correct and points to a single server
- Cloudflare caching is disabled/bypassed
- NEXT_SERVER_ACTIONS_ENCRYPTION_KEY is fixed and identical across deployments
Despite this, the error still occurs.
What could cause this Server Actions mismatch in a Dokploy + Nixpacks deployment on a home server, and is there a recommended way to resolve or prevent it?
Failed to find Server Action "x". This request might be from an older or newer deployment.I have already verified that:
- Only one container is running
- DNS is correct and points to a single server
- Cloudflare caching is disabled/bypassed
- NEXT_SERVER_ACTIONS_ENCRYPTION_KEY is fixed and identical across deployments
Despite this, the error still occurs.
What could cause this Server Actions mismatch in a Dokploy + Nixpacks deployment on a home server, and is there a recommended way to resolve or prevent it?
Answered by B33fb0n3
your deployment is vulnable to CVE-2025-55184 and CVE-2025-55183. Please update immediately. Check if its resolved after upgrading to
15.3.828 Replies
@British Shorthair I’m deploying a Next.js 15 app (App Router with Server Actions) to a VPS using Dokploy and Nixpacks. The app starts successfully, but any Server Action fails with
Failed to find Server Action "x". This request might be from an older or newer deployment.
I have already verified that:
- Only one container is running
- DNS is correct and points to a single server
- Cloudflare caching is disabled/bypassed
- NEXT_SERVER_ACTIONS_ENCRYPTION_KEY is fixed and identical across deployments
Despite this, the error still occurs.
What could cause this Server Actions mismatch in a Dokploy + Nixpacks deployment on a home server, and is there a recommended way to resolve or prevent it?
normally this server action request is created by an attacker to check if you server is vulnable. CF should normally automatically remove those. Maybe you don't use CF as proxy or have other settings, that disable this removal. You dont need to worry about it in general (when you already updated)
@B33fb0n3 normally this server action request is created by an attacker to check if you server is vulnable. CF should normally automatically remove those. Maybe you don't use CF as proxy or have other settings, that disable this removal. You dont need to worry about it in general (when you already updated)
British ShorthairOP
Thanks for the explanation. By CF, do you mean Cloudflare?
In my case, this doesn’t seem to be a single malicious request. Whenever this error appears, all Server Actions stop working in my app, any button click or form submission that uses a Server Action fails with the same error, even for normal users.
I’ve also tried disabling Cloudflare proxy and caching completely (DNS-only), but the issue still happens.
So I’m wondering: if this were just an attacker or a filtered request, would it cause every Server Action to fail consistently in production?
In my case, this doesn’t seem to be a single malicious request. Whenever this error appears, all Server Actions stop working in my app, any button click or form submission that uses a Server Action fails with the same error, even for normal users.
I’ve also tried disabling Cloudflare proxy and caching completely (DNS-only), but the issue still happens.
So I’m wondering: if this were just an attacker or a filtered request, would it cause every Server Action to fail consistently in production?
@B33fb0n3 what next.js version are you currently on?
British ShorthairOP
i'm using Next.js 15.3.2
@British Shorthair i'm using Next.js 15.3.2
your deployment is vulnable to CVE-2025-55184 and CVE-2025-55183. Please update immediately. Check if its resolved after upgrading to
15.3.8Answer
@B33fb0n3 your deployment is vulnable to CVE-2025-55184 and CVE-2025-55183. Please update **immediately**. Check if its resolved after upgrading to `15.3.8`
British ShorthairOP
can I ask what's CVE-2025-55184 and CVE-2025-55183, can I have a link to that thread too? Thank you
@British Shorthair can I ask what's CVE-2025-55184 and CVE-2025-55183, can I have a link to that thread too? Thank you
sure, here is a link to it: https://nextjs.org/blog/security-update-2025-12-11
One is for a DoS attack and one is for Source Code Exposure
One is for a DoS attack and one is for Source Code Exposure
@B33fb0n3 sure, here is a link to it: https://nextjs.org/blog/security-update-2025-12-11
One is for a DoS attack and one is for Source Code Exposure
British ShorthairOP
thank you so much, I will update and will let you know!
British ShorthairOP
there are still plenty of that error but my app is working normally rn, any way that I can fix it completely
British ShorthairOP
@B33fb0n3 
@British Shorthair there are still plenty of that error but my app is working normally rn, any way that I can fix it completely
when this error occures, do the other server actions continue to work rn (like after the update)?
@B33fb0n3 when this error occures, do the other server actions continue to work rn (like after the update)?
British ShorthairOP
yes it works normally right now, but are there any problem if I keep getting these error and how to prevent it?
@British Shorthair yes it works normally right now, but are there any problem if I keep getting these error and how to prevent it?
CF should normally automatically remove those. Maybe you don't use CF as proxy or have other settings, that disable this removal. You dont need to worry about it in general
@B33fb0n3 CF should normally automatically remove those. Maybe you don't use CF as proxy or have other settings, that disable this removal. You dont need to worry about it in general
British ShorthairOP
I'm using CF, how can I set it up
@British Shorthair I'm using CF, how can I set it up
are you already using the proxy? (not DNS-only)
@B33fb0n3 are you already using the proxy? (not DNS-only)
British ShorthairOP
let me check
@B33fb0n3 are you already using the proxy? (not DNS-only)
British ShorthairOP
it's DNS only
@British Shorthair it's DNS only
then change it to proxy mode
@B33fb0n3 then change it to proxy mode
British ShorthairOP
all good now?
@B33fb0n3 then change it to proxy mode
British ShorthairOP
after I turn on the proxy I cant access my app anymore
I fixed that my change the SSL/TLS encryption mode to Full(strict)
all good now
thank you so much for your help and time @B33fb0n3
happy to help
@B33fb0n3 happy to help
British ShorthairOP
