Initial commit - Current state of vip-coordinator

2026-01-24 09:30:26 +01:00
commit aa900505b9
96 changed files with 31868 additions and 0 deletions
--- a/WEB_SERVER_PROXY_SETUP.md
+++ b/WEB_SERVER_PROXY_SETUP.md
@@ -0,0 +1,140 @@
+# 🌐 Web Server Proxy Configuration for OAuth
+
+## 🎯 Problem Identified
+
+Your domain `bsa.madeamess.online` is not properly configured to proxy requests to your Docker containers. When Google redirects to `https://bsa.madeamess.online:5173/auth/google/callback`, it gets "ERR_CONNECTION_REFUSED" because there's no web server listening on port 5173 for your domain.
+
+## 🔧 Solution Options
+
+### Option 1: Configure Nginx Proxy (Recommended)
+
+If you're using nginx, add this configuration:
+
+```nginx
+# /etc/nginx/sites-available/bsa.madeamess.online
+server {
+    listen 443 ssl;
+    server_name bsa.madeamess.online;
+    
+    # SSL configuration (your existing SSL setup)
+    ssl_certificate /path/to/your/certificate.crt;
+    ssl_certificate_key /path/to/your/private.key;
+    
+    # Proxy to your Docker frontend container
+    location / {
+        proxy_pass http://localhost:5173;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection 'upgrade';
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_cache_bypass $http_upgrade;
+        
+        # Important: Handle all routes for SPA
+        try_files $uri $uri/ @fallback;
+    }
+    
+    # Fallback for SPA routing
+    location @fallback {
+        proxy_pass http://localhost:5173;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}
+
+# Redirect HTTP to HTTPS
+server {
+    listen 80;
+    server_name bsa.madeamess.online;
+    return 301 https://$server_name$request_uri;
+}
+```
+
+### Option 2: Configure Apache Proxy
+
+If you're using Apache, add this to your virtual host:
+
+```apache
+<VirtualHost *:443>
+    ServerName bsa.madeamess.online
+    
+    # SSL configuration (your existing SSL setup)
+    SSLEngine on
+    SSLCertificateFile /path/to/your/certificate.crt
+    SSLCertificateKeyFile /path/to/your/private.key
+    
+    # Enable proxy modules
+    ProxyPreserveHost On
+    ProxyRequests Off
+    
+    # Proxy to your Docker frontend container
+    ProxyPass / http://localhost:5173/
+    ProxyPassReverse / http://localhost:5173/
+    
+    # Handle WebSocket connections for Vite HMR
+    ProxyPass /ws ws://localhost:5173/ws
+    ProxyPassReverse /ws ws://localhost:5173/ws
+</VirtualHost>
+
+<VirtualHost *:80>
+    ServerName bsa.madeamess.online
+    Redirect permanent / https://bsa.madeamess.online/
+</VirtualHost>
+```
+
+### Option 3: Update Google OAuth Redirect URI (Quick Fix)
+
+**Temporary workaround:** Update your Google Cloud Console OAuth settings to use `http://localhost:5173/auth/google/callback` instead of your domain, then access your app directly via `http://localhost:5173`.
+
+## 🔄 Alternative: Use Standard Ports
+
+### Option 4: Configure to use standard ports (80/443)
+
+Modify your docker-compose to use standard ports:
+
+```yaml
+# In docker-compose.dev.yml
+services:
+  frontend:
+    ports:
+      - "80:5173"  # HTTP
+      # or
+      - "443:5173" # HTTPS (requires SSL setup in container)
+```
+
+Then update Google OAuth redirect URI to:
+- `https://bsa.madeamess.online/auth/google/callback` (no port)
+
+## 🧪 Testing Steps
+
+1. **Apply web server configuration**
+2. **Restart your web server:**
+   ```bash
+   # For nginx
+   sudo systemctl reload nginx
+   
+   # For Apache
+   sudo systemctl reload apache2
+   ```
+3. **Test the proxy:**
+   ```bash
+   curl -I https://bsa.madeamess.online
+   ```
+4. **Test OAuth flow:**
+   - Visit `https://bsa.madeamess.online`
+   - Click "Continue with Google"
+   - Complete authentication
+   - Should redirect back successfully
+
+## 🎯 Root Cause Summary
+
+The OAuth callback was failing because:
+1. ✅ **Frontend routing** - Fixed (React Router now handles callback)
+2. ✅ **CORS configuration** - Fixed (Backend accepts your domain)
+3. ❌ **Web server proxy** - **NEEDS FIXING** (Domain not proxying to Docker)
+
+Once you configure your web server to proxy `bsa.madeamess.online` to `localhost:5173`, the OAuth flow will work perfectly!