WildDragonLLC/dragonflight
1
0
Fork 0
Code Issues 18 Pull requests 3 Projects Releases Packages Wiki Activity Actions
dragonflight/services/web-ui/nginx.conf

126 lines
4.6 KiB
Nginx Configuration File
Raw Normal View History

fix(web-ui): stop nginx from eating Set-Cookie on /api/ and /capture/ Login was infinite-looping in production. Server side was healthy (sessions landing in PG, /me returning 200 to a manually-signed cookie) but the browser never received `Set-Cookie`. Bisected the proxy chain layer by layer with direct curls on the box: - mam-api direct (port 47432) → Set-Cookie present - web-ui nginx (port 47434) → Set-Cookie STRIPPED - NPM (https://dragonflight.live) → Set-Cookie stripped (because web-ui ate it) Root cause was this in /api/ and /capture/: proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; The literal "upgrade" was being sent on every request, not just real WebSocket negotiations. Nginx then routes the upstream response through its tunnel/upgrade code path, which doesn't preserve all response headers the same way — Set-Cookie got silently dropped. mam-api doesn't speak WebSockets today so it never sent a 101, and the bad pattern went unnoticed until session-cookie auth shipped. Fix is the standard conditional pattern: a `map` directive at the top of default.conf computes $connection_upgrade as "upgrade" only when the client actually requested Upgrade, otherwise "close". Both location blocks now send `Connection $connection_upgrade` instead of the hardcoded literal. WebSocket support on either location continues to work unchanged. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-27 21:48:49 -04:00
# Map for proper WebSocket upgrade handling on the proxied locations below.
fix(web-ui): forward X-Forwarded-Proto from outer proxy so mam-api emits Set-Cookie This is the real cause of the login loop. mam-api sets its session cookie with Secure=true (production config). express-session refuses to emit a Secure Set-Cookie unless req.secure is true. With `app.set('trust proxy')` on, req.secure derives from X-Forwarded-Proto. web-ui's nginx was unconditionally sending `X-Forwarded-Proto: $scheme`. Inside the web-ui container nginx listens on port 80, so $scheme is always "http" — regardless of whether the outer NPM proxy terminated TLS. mam-api saw http, decided the connection was insecure, and silently dropped the Set-Cookie from the login response. Login succeeded server-side (session row landed in PG, last_login_at updated) but the browser never received a cookie, so the very next /auth/me check came back 401 and AuthGate bounced to the login screen. Infinite loop. The previous Connection: "upgrade" → $connection_upgrade fix wasn't wrong (the hardcode is a real latent bug worth fixing) — it just wasn't the proximate cause. Fix: a second `map` directive forwards the outer X-Forwarded-Proto through when present, falling back to $scheme only when no proxy header exists (so direct localhost curls still work). Both /api/ and /capture/ now send the correct value upstream, mam-api sees https, req.secure is true, Set-Cookie flows through, login works. Verified by curling the existing direct-to-mam-api path: with X-Forwarded- Proto: https on the request, Set-Cookie comes back; without it, no Set-Cookie. That's the exact difference between web-ui-proxied and direct-to-mam-api in our previous diagnostic curls. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-27 22:11:27 -04:00
# Hardcoding `proxy_set_header Connection "upgrade"` puts nginx into tunnel-
# mode for every request, which has caused subtle bugs in the past. This
# variant only sets Connection: upgrade when the client actually requested
# an Upgrade (real WebSocket); otherwise it's "close".
fix(web-ui): stop nginx from eating Set-Cookie on /api/ and /capture/ Login was infinite-looping in production. Server side was healthy (sessions landing in PG, /me returning 200 to a manually-signed cookie) but the browser never received `Set-Cookie`. Bisected the proxy chain layer by layer with direct curls on the box: - mam-api direct (port 47432) → Set-Cookie present - web-ui nginx (port 47434) → Set-Cookie STRIPPED - NPM (https://dragonflight.live) → Set-Cookie stripped (because web-ui ate it) Root cause was this in /api/ and /capture/: proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; The literal "upgrade" was being sent on every request, not just real WebSocket negotiations. Nginx then routes the upstream response through its tunnel/upgrade code path, which doesn't preserve all response headers the same way — Set-Cookie got silently dropped. mam-api doesn't speak WebSockets today so it never sent a 101, and the bad pattern went unnoticed until session-cookie auth shipped. Fix is the standard conditional pattern: a `map` directive at the top of default.conf computes $connection_upgrade as "upgrade" only when the client actually requested Upgrade, otherwise "close". Both location blocks now send `Connection $connection_upgrade` instead of the hardcoded literal. WebSocket support on either location continues to work unchanged. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-27 21:48:49 -04:00
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
fix(web-ui): forward X-Forwarded-Proto from outer proxy so mam-api emits Set-Cookie This is the real cause of the login loop. mam-api sets its session cookie with Secure=true (production config). express-session refuses to emit a Secure Set-Cookie unless req.secure is true. With `app.set('trust proxy')` on, req.secure derives from X-Forwarded-Proto. web-ui's nginx was unconditionally sending `X-Forwarded-Proto: $scheme`. Inside the web-ui container nginx listens on port 80, so $scheme is always "http" — regardless of whether the outer NPM proxy terminated TLS. mam-api saw http, decided the connection was insecure, and silently dropped the Set-Cookie from the login response. Login succeeded server-side (session row landed in PG, last_login_at updated) but the browser never received a cookie, so the very next /auth/me check came back 401 and AuthGate bounced to the login screen. Infinite loop. The previous Connection: "upgrade" → $connection_upgrade fix wasn't wrong (the hardcode is a real latent bug worth fixing) — it just wasn't the proximate cause. Fix: a second `map` directive forwards the outer X-Forwarded-Proto through when present, falling back to $scheme only when no proxy header exists (so direct localhost curls still work). Both /api/ and /capture/ now send the correct value upstream, mam-api sees https, req.secure is true, Set-Cookie flows through, login works. Verified by curling the existing direct-to-mam-api path: with X-Forwarded- Proto: https on the request, Set-Cookie comes back; without it, no Set-Cookie. That's the exact difference between web-ui-proxied and direct-to-mam-api in our previous diagnostic curls. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-27 22:11:27 -04:00
# Forward the outer X-Forwarded-Proto when present; fall back to $scheme.
# THIS IS WHY LOGIN WAS LOOPING: web-ui listens on port 80 inside the
# container, so $scheme is always "http". With `proxy_set_header
# X-Forwarded-Proto $scheme;`, mam-api saw http, decided req.secure=false,
# and (because cookie.secure=true in production) silently refused to emit
# the Set-Cookie at all. NPM correctly sends X-Forwarded-Proto: https on
# the outer request — we just have to pass it through to mam-api.
map $http_x_forwarded_proto $proxied_x_forwarded_proto {
default $http_x_forwarded_proto;
'' $scheme;
}
add services/web-ui/nginx.conf
2026-04-07 21:58:21 -04:00
server {
listen 80;
server_name _;
fix(nginx): use Docker embedded DNS resolver to avoid startup DNS failure nginx resolves upstream hostnames at config load time, which fails when sibling containers haven't registered with the Docker DNS yet. Using resolver 127.0.0.11 with set $upstream defers resolution to request time, preventing the "host not found in upstream" startup crash.
2026-05-16 08:44:50 -04:00
# Docker embedded DNS — defers upstream resolution to request time
# This prevents nginx crashing at startup if sibling containers aren't
# ready yet (which happens on the first `docker compose up`).
resolver 127.0.0.11 valid=10s ipv6=off;
Phase 2: services/web-ui/nginx.conf
2026-04-07 22:05:41 -04:00
# Allow unlimited client upload size
client_max_body_size 0;
add services/web-ui/nginx.conf
2026-04-07 21:58:21 -04:00
# Gzip compression
gzip on;
gzip_types text/plain text/css text/javascript application/javascript application/json;
gzip_min_length 1000;
# Root location - serve static files
root /usr/share/nginx/html;
fix(web-ui): css must-revalidate so deployed styles are picked up immediately Nginx was serving css with `expires 1y; Cache-Control: public, immutable`, which combined with version-less <link href="styles-rest.css"> meant every browser permanently pinned whatever stylesheet it cached first. Users were seeing pre-polish-round-2 CSS even after the new image was deployed — the calendar grid rendered as a vertical stack of weekday names because the .cal-* rules didn't exist in the cached file. Move css into the same bucket as js: must-revalidate via ETag. Fonts, icons, and raster assets stay in the immutable 1y bucket since they don't change between deploys. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-23 15:40:26 -04:00
# Fonts, icons, images: rarely change, safe to cache aggressively.
location ~* \.(png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
add services/web-ui/nginx.conf
2026-04-07 21:58:21 -04:00
expires 1y;
add_header Cache-Control "public, immutable";
}
fix(web-ui): css must-revalidate so deployed styles are picked up immediately Nginx was serving css with `expires 1y; Cache-Control: public, immutable`, which combined with version-less <link href="styles-rest.css"> meant every browser permanently pinned whatever stylesheet it cached first. Users were seeing pre-polish-round-2 CSS even after the new image was deployed — the calendar grid rendered as a vertical stack of weekday names because the .cal-* rules didn't exist in the cached file. Move css into the same bucket as js: must-revalidate via ETag. Fonts, icons, and raster assets stay in the immutable 1y bucket since they don't change between deploys. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-23 15:40:26 -04:00
# CSS / JS — must revalidate so a redeploy is picked up immediately.
# The index.html links these without a version query string, so without
# this rule a stale stylesheet/script sits in the browser cache forever
# (which produced the unstyled calendar that triggered this fix).
location ~* \.(css|js)$ {
fix(web-ui): bust JS cache so api.js fix actually reaches the browser The api.js library-list fix from the previous commit never reached the browser because nginx served all .js with `Cache-Control: public, immutable; max-age=31536000`. The HTML referenced api.js with no version query, so the browser kept its year-cached buggy copy. * nginx.conf: drop .js from the immutable long-cache block, add a no-cache must-revalidate block so future redeploys are picked up immediately. * All HTML files: tag api.js refs with ?v=4 so already-running browsers fetch the new version on next page load.
2026-05-17 08:30:49 -04:00
expires -1;
add_header Cache-Control "no-cache, must-revalidate";
}
add services/web-ui/nginx.conf
2026-04-07 21:58:21 -04:00
# HTML files - no cache
location ~* \.html?$ {
expires -1;
add_header Cache-Control "no-cache, no-store, must-revalidate";
}
feat(growing-files): Phase 1 - live HLS preview during recording While a recorder is running, the capture container tees an HLS stream into /live/<assetId>/ alongside the ProRes master upload. The asset row is pre-created at recorder start with status='live' so the clip appears in the library immediately. /api/v1/assets/:id/stream returns the HLS playlist URL until recording stops, then proxy. * docker-compose: shared wild-dragon-live mount on api/capture/web-ui * migration 001-add-live-status: idempotent ALTER TYPE for asset_status * mam-api: runMigrations() on boot; recorders.js pre-creates live asset + passes ASSET_ID; assets.js POST upserts on existing live row instead of inserting a duplicate, and stream route returns HLS for live assets * capture: parallel HLS ffmpeg into /live/<assetId>/; ASSET_ID env * web-ui: nginx serves /live/, preview.js loads hls.js, LIVE badge added
2026-05-18 07:29:50 -04:00
# Live HLS — served from /live (bind-mounted shared volume), low cache so playlist refreshes
location /live/ {
alias /live/;
types { application/vnd.apple.mpegurl m3u8; video/mp2t ts; }
add_header Cache-Control "no-cache";
add_header Access-Control-Allow-Origin *;
}
add services/web-ui/nginx.conf
2026-04-07 21:58:21 -04:00
# API proxy - forward to mam-api service
location /api/ {
fix(nginx): use Docker embedded DNS resolver to avoid startup DNS failure nginx resolves upstream hostnames at config load time, which fails when sibling containers haven't registered with the Docker DNS yet. Using resolver 127.0.0.11 with set $upstream defers resolution to request time, preventing the "host not found in upstream" startup crash.
2026-05-16 08:44:50 -04:00
set $api_upstream http://mam-api:3000;
Phase 2: services/web-ui/nginx.conf
2026-04-07 22:05:41 -04:00
client_max_body_size 0;
fix(nginx): use Docker embedded DNS resolver to avoid startup DNS failure nginx resolves upstream hostnames at config load time, which fails when sibling containers haven't registered with the Docker DNS yet. Using resolver 127.0.0.11 with set $upstream defers resolution to request time, preventing the "host not found in upstream" startup crash.
2026-05-16 08:44:50 -04:00
proxy_pass $api_upstream;
add services/web-ui/nginx.conf
2026-04-07 21:58:21 -04:00
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
fix(web-ui): stop nginx from eating Set-Cookie on /api/ and /capture/ Login was infinite-looping in production. Server side was healthy (sessions landing in PG, /me returning 200 to a manually-signed cookie) but the browser never received `Set-Cookie`. Bisected the proxy chain layer by layer with direct curls on the box: - mam-api direct (port 47432) → Set-Cookie present - web-ui nginx (port 47434) → Set-Cookie STRIPPED - NPM (https://dragonflight.live) → Set-Cookie stripped (because web-ui ate it) Root cause was this in /api/ and /capture/: proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; The literal "upgrade" was being sent on every request, not just real WebSocket negotiations. Nginx then routes the upstream response through its tunnel/upgrade code path, which doesn't preserve all response headers the same way — Set-Cookie got silently dropped. mam-api doesn't speak WebSockets today so it never sent a 101, and the bad pattern went unnoticed until session-cookie auth shipped. Fix is the standard conditional pattern: a `map` directive at the top of default.conf computes $connection_upgrade as "upgrade" only when the client actually requested Upgrade, otherwise "close". Both location blocks now send `Connection $connection_upgrade` instead of the hardcoded literal. WebSocket support on either location continues to work unchanged. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-27 21:48:49 -04:00
proxy_set_header Connection $connection_upgrade;
add services/web-ui/nginx.conf
2026-04-07 21:58:21 -04:00
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
fix(web-ui): forward X-Forwarded-Proto from outer proxy so mam-api emits Set-Cookie This is the real cause of the login loop. mam-api sets its session cookie with Secure=true (production config). express-session refuses to emit a Secure Set-Cookie unless req.secure is true. With `app.set('trust proxy')` on, req.secure derives from X-Forwarded-Proto. web-ui's nginx was unconditionally sending `X-Forwarded-Proto: $scheme`. Inside the web-ui container nginx listens on port 80, so $scheme is always "http" — regardless of whether the outer NPM proxy terminated TLS. mam-api saw http, decided the connection was insecure, and silently dropped the Set-Cookie from the login response. Login succeeded server-side (session row landed in PG, last_login_at updated) but the browser never received a cookie, so the very next /auth/me check came back 401 and AuthGate bounced to the login screen. Infinite loop. The previous Connection: "upgrade" → $connection_upgrade fix wasn't wrong (the hardcode is a real latent bug worth fixing) — it just wasn't the proximate cause. Fix: a second `map` directive forwards the outer X-Forwarded-Proto through when present, falling back to $scheme only when no proxy header exists (so direct localhost curls still work). Both /api/ and /capture/ now send the correct value upstream, mam-api sees https, req.secure is true, Set-Cookie flows through, login works. Verified by curling the existing direct-to-mam-api path: with X-Forwarded- Proto: https on the request, Set-Cookie comes back; without it, no Set-Cookie. That's the exact difference between web-ui-proxied and direct-to-mam-api in our previous diagnostic curls. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-27 22:11:27 -04:00
proxy_set_header X-Forwarded-Proto $proxied_x_forwarded_proto;
fix: close all 24 open issues (#40–#94) Bug fixes: - #91: dockerApi() 10s socket timeout (Docker daemon hang) - #77: await syncToAmpp() with .catch() — no longer fire-and-forget - #75: migration 016 — add 'proxy','import' to job_type enum; add 'completed' to job_status - #73: BullMQ orphan job cleanup on hard asset delete - #70: batch-trim jobs table gets expires_at; trim-status auto-expires stale rows - #66: scheduler tick marks stale live assets (>2h) as error - #63: migration 017 — partial unique index prevents concurrent live asset overwrite - #61: recorders.js uses getS3Bucket() not stale process.env.S3_BUCKET - #60: already fixed (copy nulls proxy/thumbnail keys, requeues proxy) - #40: already fixed (All projects clears openProject) - #64: already fixed (sourceType/needsProxy handled) - #90: GET /jobs now includes DB jobs table (trim jobs visible in UI) - #74: nginx Content-Type header preserved; multer 500MB file size limit - #68: GET /upload returns in-progress ingesting assets - #58: /stream and /video endpoints fall back to original file for all video types - #55: recorder poll .catch() logs auth errors cleanly; redirect stops interval - #52: thumb-status and thumb-duration moved inside position:relative wrapper - #50: ProjectCard gets onContextMenu handler with rename/delete menu - #49: project context menu dismisses on contextmenu + scroll events Features: - #93: POST /assets/:id/reprocess?type=proxy|thumbnail — force re-queue any asset Asset ⋯ menu now shows 'Re-generate proxy' and 'Re-generate thumbnail' buttons UI: - Logo: brightness(0) invert(1) filter applied consistently in sidebar, launcher, and login — white logo pops on dark UI; inline style removed from login.html
2026-05-26 10:10:44 -04:00
# Preserve Content-Type so multer receives the full multipart boundary (#74)
proxy_set_header Content-Type $content_type;
add services/web-ui/nginx.conf
2026-04-07 21:58:21 -04:00
proxy_buffering off;
proxy_request_buffering off;
Phase 2: services/web-ui/nginx.conf
2026-04-07 22:05:41 -04:00
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
add services/web-ui/nginx.conf
2026-04-07 21:58:21 -04:00
}
# Capture proxy - forward to capture service
location /capture/ {
fix(nginx): use Docker embedded DNS resolver to avoid startup DNS failure nginx resolves upstream hostnames at config load time, which fails when sibling containers haven't registered with the Docker DNS yet. Using resolver 127.0.0.11 with set $upstream defers resolution to request time, preventing the "host not found in upstream" startup crash.
2026-05-16 08:44:50 -04:00
set $capture_upstream http://capture:3001;
proxy_pass $capture_upstream;
add services/web-ui/nginx.conf
2026-04-07 21:58:21 -04:00
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
fix(web-ui): stop nginx from eating Set-Cookie on /api/ and /capture/ Login was infinite-looping in production. Server side was healthy (sessions landing in PG, /me returning 200 to a manually-signed cookie) but the browser never received `Set-Cookie`. Bisected the proxy chain layer by layer with direct curls on the box: - mam-api direct (port 47432) → Set-Cookie present - web-ui nginx (port 47434) → Set-Cookie STRIPPED - NPM (https://dragonflight.live) → Set-Cookie stripped (because web-ui ate it) Root cause was this in /api/ and /capture/: proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; The literal "upgrade" was being sent on every request, not just real WebSocket negotiations. Nginx then routes the upstream response through its tunnel/upgrade code path, which doesn't preserve all response headers the same way — Set-Cookie got silently dropped. mam-api doesn't speak WebSockets today so it never sent a 101, and the bad pattern went unnoticed until session-cookie auth shipped. Fix is the standard conditional pattern: a `map` directive at the top of default.conf computes $connection_upgrade as "upgrade" only when the client actually requested Upgrade, otherwise "close". Both location blocks now send `Connection $connection_upgrade` instead of the hardcoded literal. WebSocket support on either location continues to work unchanged. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-27 21:48:49 -04:00
proxy_set_header Connection $connection_upgrade;
add services/web-ui/nginx.conf
2026-04-07 21:58:21 -04:00
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
fix(web-ui): forward X-Forwarded-Proto from outer proxy so mam-api emits Set-Cookie This is the real cause of the login loop. mam-api sets its session cookie with Secure=true (production config). express-session refuses to emit a Secure Set-Cookie unless req.secure is true. With `app.set('trust proxy')` on, req.secure derives from X-Forwarded-Proto. web-ui's nginx was unconditionally sending `X-Forwarded-Proto: $scheme`. Inside the web-ui container nginx listens on port 80, so $scheme is always "http" — regardless of whether the outer NPM proxy terminated TLS. mam-api saw http, decided the connection was insecure, and silently dropped the Set-Cookie from the login response. Login succeeded server-side (session row landed in PG, last_login_at updated) but the browser never received a cookie, so the very next /auth/me check came back 401 and AuthGate bounced to the login screen. Infinite loop. The previous Connection: "upgrade" → $connection_upgrade fix wasn't wrong (the hardcode is a real latent bug worth fixing) — it just wasn't the proximate cause. Fix: a second `map` directive forwards the outer X-Forwarded-Proto through when present, falling back to $scheme only when no proxy header exists (so direct localhost curls still work). Both /api/ and /capture/ now send the correct value upstream, mam-api sees https, req.secure is true, Set-Cookie flows through, login works. Verified by curling the existing direct-to-mam-api path: with X-Forwarded- Proto: https on the request, Set-Cookie comes back; without it, no Set-Cookie. That's the exact difference between web-ui-proxied and direct-to-mam-api in our previous diagnostic curls. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-27 22:11:27 -04:00
proxy_set_header X-Forwarded-Proto $proxied_x_forwarded_proto;
add services/web-ui/nginx.conf
2026-04-07 21:58:21 -04:00
proxy_buffering off;
proxy_request_buffering off;
}
feat: editor coming-soon bumper + embedded Premiere panel downloads - Editor: overlay Coming Soon screen over NLE timeline (code preserved, bumper sits at z-index 100 with backdrop blur). Links to download ZXP and Windows installer directly from the bumper. - Settings → Capture SDKs: new Premiere Panel section lists v1.0.0 and v1.0.1 with ZXP + Windows Installer download buttons. Both releases embedded as static files in web-ui under /downloads/. - nginx: /downloads/ location serves files as Content-Disposition attachment with 24h cache. Files added: services/web-ui/public/downloads/dragonflight-premiere-panel-1.0.0.zxp services/web-ui/public/downloads/dragonflight-premiere-panel-1.0.0-windows-setup.exe services/web-ui/public/downloads/dragonflight-premiere-panel-1.0.1.zxp services/web-ui/public/downloads/dragonflight-premiere-panel-1.0.1-windows-setup.exe
2026-05-26 10:34:28 -04:00
# Premiere panel downloads — served as binary attachments
location /downloads/ {
add_header Cache-Control "public, max-age=86400";
add_header Content-Disposition 'attachment';
}
chore(web-ui): delete legacy standalone HTML pages; SPA is the only entry Before this commit /public had two parallel UIs: the React SPA (index.html + screens-*.jsx) and a stack of pre-SPA standalone pages (home.html, recorders.html, jobs.html, ...). The SPA replaces every standalone page, nothing in the .jsx tree links to them, and the only outside references were login.html redirecting to home.html and the nginx fallback pointing at home.html. Delete 16 standalone pages (~9.2k lines of dead markup, ~430KB on disk): _primitives-smoke.html api-tokens.html capture.html cluster.html containers.html edit.html editor.html home.html jobs.html player.html projects.html recorders.html settings.html tokens.html upload.html users.html Keep: index.html — the React SPA shell login.html — the sign-in / setup screen Wire the redirects to the SPA: - login.html post-signin: home.html -> / - nginx try_files fallback: /home.html -> /index.html After this, sign-in lands the operator on the real React app instead of the stale 2025-era home page. The Editor screen continues to embed the separate editor service via the /editor/ nginx proxy (unaffected). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-23 16:48:38 -04:00
# SPA fallback - try to serve file, else route to the React shell.
add services/web-ui/nginx.conf
2026-04-07 21:58:21 -04:00
location / {
chore(web-ui): delete legacy standalone HTML pages; SPA is the only entry Before this commit /public had two parallel UIs: the React SPA (index.html + screens-*.jsx) and a stack of pre-SPA standalone pages (home.html, recorders.html, jobs.html, ...). The SPA replaces every standalone page, nothing in the .jsx tree links to them, and the only outside references were login.html redirecting to home.html and the nginx fallback pointing at home.html. Delete 16 standalone pages (~9.2k lines of dead markup, ~430KB on disk): _primitives-smoke.html api-tokens.html capture.html cluster.html containers.html edit.html editor.html home.html jobs.html player.html projects.html recorders.html settings.html tokens.html upload.html users.html Keep: index.html — the React SPA shell login.html — the sign-in / setup screen Wire the redirects to the SPA: - login.html post-signin: home.html -> / - nginx try_files fallback: /home.html -> /index.html After this, sign-in lands the operator on the real React app instead of the stale 2025-era home page. The Editor screen continues to embed the separate editor service via the /editor/ nginx proxy (unaffected). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-23 16:48:38 -04:00
try_files $uri $uri/ /index.html;
add services/web-ui/nginx.conf
2026-04-07 21:58:21 -04:00
expires -1;
add_header Cache-Control "no-cache, no-store, must-revalidate";
}
# Deny access to dotfiles
location ~ /\. {
deny all;
}
}
Reference in a new issue Copy permalink