Fix/deploy #1
Fix/deploy #1
Conversation
- Add ProxyHeadersMiddleware to process X-Forwarded-* headers - Fix mixed content errors by properly handling HTTPS redirects - Update deployment docs with corrected nginx configuration 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
There was a problem hiding this comment.
Pull Request Overview
This PR updates the production API base URL to the www subdomain and ensures the application routes and documentation align with the new path, adds proxy header handling in the backend, and enhances the deployment instructions with SSL and redirection.
- Update default
VITE_API_BASE_URLtohttps://www.aleatoric.agency/apiin Dockerfile and compose - Add
ProxyHeadersMiddlewareand prefix health check route to/api/healthin the backend - Revise
DEPLOYMENT.mdand.env.examplefor new CORS settings, SSL/nginx config, and redirect rules
Reviewed Changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| frontend/Dockerfile | Change default API URL to include /api on the www subdomain |
| docker-compose.yml | Align compose build arg with updated API base URL |
| backend/app/init.py | Add proxy-headers middleware and change health endpoint to /api/health |
| DEPLOYMENT.md | Update CORS origins, API URL, nginx SSL settings, and redirect blocks |
| .env.example | Extend production CORS origins to include www.aleatoric.agency |
Comments suppressed due to low confidence (1)
backend/app/init.py:43
- The health endpoint path was changed to
/api/health; ensure existing tests are updated or add new tests to cover this new route.
@app.get("/api/health")
| ) | ||
|
|
||
| # Add ProxyHeaders middleware first to handle X-Forwarded-* headers | ||
| app.add_middleware(ProxyHeadersMiddleware, trusted_hosts=["*"]) |
There was a problem hiding this comment.
Using trusted_hosts=["*"] allows any proxy to be trusted, which can expose the app to header spoofing. Restrict this setting to known proxy hosts or specific IP ranges.
| - `DATABASE_URL`: Replace `your_password_here` with your POSTGRES_PASSWORD | ||
| - `CORS_ORIGINS`: Change to `["https://aleatoric.agency"]` | ||
| - `VITE_API_BASE_URL`: Set to `https://aleatoric.agency/api` | ||
| - `CORS_ORIGINS`: Change to `["https://aleatoric.agency", "https://www.aleatoric.agency"]` |
There was a problem hiding this comment.
The bullet formatting here differs from the earlier list items; unify indentation and bullet syntax (e.g., use - consistently) to prevent markdown rendering issues.
| # CORS origins - List of allowed frontend URLs | ||
| # Development: ["http://localhost:5173", "http://localhost:5174", "http://localhost:3000"] | ||
| # Production: ["https://aleatoric.agency"] | ||
| # Production: ["https://aleatoric.agency", "https://www.aleatoric.agency"] |
There was a problem hiding this comment.
The commented production example was updated, but the actual CORS_ORIGINS line remains only localhost. Consider adding or clarifying a separate production example assignment for clarity.
- Fix VITE_API_BASE_URL to not include /api suffix - Add production commands to Makefile for easy management - Document nginx proxy_pass configuration without trailing slash - Add prod-up, prod-down, prod-rebuild, prod-update commands - Add database backup and restore commands for production 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
No description provided.