# ๐ŸŒ Web Server Proxy Configuration for OAuth ## ๐ŸŽฏ Problem Identified Your domain `bsa.madeamess.online` is not properly configured to proxy requests to your Docker containers. When Google redirects to `https://bsa.madeamess.online:5173/auth/google/callback`, it gets "ERR_CONNECTION_REFUSED" because there's no web server listening on port 5173 for your domain. ## ๐Ÿ”ง Solution Options ### Option 1: Configure Nginx Proxy (Recommended) If you're using nginx, add this configuration: ```nginx # /etc/nginx/sites-available/bsa.madeamess.online server { listen 443 ssl; server_name bsa.madeamess.online; # SSL configuration (your existing SSL setup) ssl_certificate /path/to/your/certificate.crt; ssl_certificate_key /path/to/your/private.key; # Proxy to your Docker frontend container location / { proxy_pass http://localhost:5173; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_cache_bypass $http_upgrade; # Important: Handle all routes for SPA try_files $uri $uri/ @fallback; } # Fallback for SPA routing location @fallback { proxy_pass http://localhost:5173; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } } # Redirect HTTP to HTTPS server { listen 80; server_name bsa.madeamess.online; return 301 https://$server_name$request_uri; } ``` ### Option 2: Configure Apache Proxy If you're using Apache, add this to your virtual host: ```apache ServerName bsa.madeamess.online # SSL configuration (your existing SSL setup) SSLEngine on SSLCertificateFile /path/to/your/certificate.crt SSLCertificateKeyFile /path/to/your/private.key # Enable proxy modules ProxyPreserveHost On ProxyRequests Off # Proxy to your Docker frontend container ProxyPass / http://localhost:5173/ ProxyPassReverse / http://localhost:5173/ # Handle WebSocket connections for Vite HMR ProxyPass /ws ws://localhost:5173/ws ProxyPassReverse /ws ws://localhost:5173/ws ServerName bsa.madeamess.online Redirect permanent / https://bsa.madeamess.online/ ``` ### Option 3: Update Google OAuth Redirect URI (Quick Fix) **Temporary workaround:** Update your Google Cloud Console OAuth settings to use `http://localhost:5173/auth/google/callback` instead of your domain, then access your app directly via `http://localhost:5173`. ## ๐Ÿ”„ Alternative: Use Standard Ports ### Option 4: Configure to use standard ports (80/443) Modify your docker-compose to use standard ports: ```yaml # In docker-compose.dev.yml services: frontend: ports: - "80:5173" # HTTP # or - "443:5173" # HTTPS (requires SSL setup in container) ``` Then update Google OAuth redirect URI to: - `https://bsa.madeamess.online/auth/google/callback` (no port) ## ๐Ÿงช Testing Steps 1. **Apply web server configuration** 2. **Restart your web server:** ```bash # For nginx sudo systemctl reload nginx # For Apache sudo systemctl reload apache2 ``` 3. **Test the proxy:** ```bash curl -I https://bsa.madeamess.online ``` 4. **Test OAuth flow:** - Visit `https://bsa.madeamess.online` - Click "Continue with Google" - Complete authentication - Should redirect back successfully ## ๐ŸŽฏ Root Cause Summary The OAuth callback was failing because: 1. โœ… **Frontend routing** - Fixed (React Router now handles callback) 2. โœ… **CORS configuration** - Fixed (Backend accepts your domain) 3. โŒ **Web server proxy** - **NEEDS FIXING** (Domain not proxying to Docker) Once you configure your web server to proxy `bsa.madeamess.online` to `localhost:5173`, the OAuth flow will work perfectly!