4.1 KiB
🌐 Web Server Proxy Configuration for OAuth
🎯 Problem Identified
Your domain bsa.madeamess.online is not properly configured to proxy requests to your Docker containers. When Google redirects to https://bsa.madeamess.online:5173/auth/google/callback, it gets "ERR_CONNECTION_REFUSED" because there's no web server listening on port 5173 for your domain.
🔧 Solution Options
Option 1: Configure Nginx Proxy (Recommended)
If you're using nginx, add this configuration:
# /etc/nginx/sites-available/bsa.madeamess.online
server {
listen 443 ssl;
server_name bsa.madeamess.online;
# SSL configuration (your existing SSL setup)
ssl_certificate /path/to/your/certificate.crt;
ssl_certificate_key /path/to/your/private.key;
# Proxy to your Docker frontend container
location / {
proxy_pass http://localhost:5173;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
# Important: Handle all routes for SPA
try_files $uri $uri/ @fallback;
}
# Fallback for SPA routing
location @fallback {
proxy_pass http://localhost:5173;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
# Redirect HTTP to HTTPS
server {
listen 80;
server_name bsa.madeamess.online;
return 301 https://$server_name$request_uri;
}
Option 2: Configure Apache Proxy
If you're using Apache, add this to your virtual host:
<VirtualHost *:443>
ServerName bsa.madeamess.online
# SSL configuration (your existing SSL setup)
SSLEngine on
SSLCertificateFile /path/to/your/certificate.crt
SSLCertificateKeyFile /path/to/your/private.key
# Enable proxy modules
ProxyPreserveHost On
ProxyRequests Off
# Proxy to your Docker frontend container
ProxyPass / http://localhost:5173/
ProxyPassReverse / http://localhost:5173/
# Handle WebSocket connections for Vite HMR
ProxyPass /ws ws://localhost:5173/ws
ProxyPassReverse /ws ws://localhost:5173/ws
</VirtualHost>
<VirtualHost *:80>
ServerName bsa.madeamess.online
Redirect permanent / https://bsa.madeamess.online/
</VirtualHost>
Option 3: Update Google OAuth Redirect URI (Quick Fix)
Temporary workaround: Update your Google Cloud Console OAuth settings to use http://localhost:5173/auth/google/callback instead of your domain, then access your app directly via http://localhost:5173.
🔄 Alternative: Use Standard Ports
Option 4: Configure to use standard ports (80/443)
Modify your docker-compose to use standard ports:
# In docker-compose.dev.yml
services:
frontend:
ports:
- "80:5173" # HTTP
# or
- "443:5173" # HTTPS (requires SSL setup in container)
Then update Google OAuth redirect URI to:
https://bsa.madeamess.online/auth/google/callback(no port)
🧪 Testing Steps
- Apply web server configuration
- Restart your web server:
# For nginx sudo systemctl reload nginx # For Apache sudo systemctl reload apache2 - Test the proxy:
curl -I https://bsa.madeamess.online - Test OAuth flow:
- Visit
https://bsa.madeamess.online - Click "Continue with Google"
- Complete authentication
- Should redirect back successfully
- Visit
🎯 Root Cause Summary
The OAuth callback was failing because:
- ✅ Frontend routing - Fixed (React Router now handles callback)
- ✅ CORS configuration - Fixed (Backend accepts your domain)
- ❌ Web server proxy - NEEDS FIXING (Domain not proxying to Docker)
Once you configure your web server to proxy bsa.madeamess.online to localhost:5173, the OAuth flow will work perfectly!