From bb3d603f8394fd4ba656330d8f9a74cac51f62b7 Mon Sep 17 00:00:00 2001
From: SysAdmin <sysadmin@silverlabs.uk>
Date: Wed, 1 Oct 2025 14:35:24 +0100
Subject: [PATCH] Revert: Roll back to previous working version
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Rolling back nginx changes to restore working state for testing.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 NGINX-PROXY-MANAGER-FIX.md    | 111 ----------------------------------
 PUSH-NOTIFICATION-FIX.md      |  93 ----------------------------
 nginx-push-fix-dark-side.conf |  65 --------------------
 3 files changed, 269 deletions(-)
 delete mode 100644 NGINX-PROXY-MANAGER-FIX.md
 delete mode 100644 PUSH-NOTIFICATION-FIX.md
 delete mode 100644 nginx-push-fix-dark-side.conf

diff --git a/NGINX-PROXY-MANAGER-FIX.md b/NGINX-PROXY-MANAGER-FIX.md
deleted file mode 100644
index 772674f..0000000
--- a/NGINX-PROXY-MANAGER-FIX.md
+++ /dev/null
@@ -1,111 +0,0 @@
-# Nginx-Proxy-Manager Push Notification Fix
-
-## Current Status
-✅ **nginx-proxy-manager is running**
-✅ **LittleShop container is healthy**
-❌ **VAPID endpoint returns empty response** (CORS blocking)
-
-## Fix Steps via nginx-proxy-manager UI
-
-### Step 1: Access nginx-proxy-manager
-1. Connect to VPN
-2. Open browser and go to: `http://10.13.13.1:81`
-3. Login with admin credentials
-
-### Step 2: Find the Admin.Dark.Side Proxy Host
-1. Go to "Hosts" → "Proxy Hosts"
-2. Find the entry for `admin.dark.side`
-3. Click the 3-dot menu → "Edit"
-
-### Step 3: Add Custom nginx Configuration
-1. Go to the "Advanced" tab
-2. In the "Custom nginx Configuration" box, add the following:
-
-```nginx
-# CORS headers for push notifications - dark.side domain
-location ~ ^/(api/push|service-worker\.js|manifest\.json|pwa\.js) {
-    # Set CORS headers for dark.side domains
-    set $cors_origin "";
-    if ($http_origin ~* (https?://.*\.dark\.side|https?://admin\.dark\.side)) {
-        set $cors_origin $http_origin;
-    }
-
-    # If no specific origin match, allow the dark.side domain generally
-    if ($cors_origin = "") {
-        set $cors_origin "https://admin.dark.side";
-    }
-
-    # Apply CORS headers
-    add_header 'Access-Control-Allow-Origin' $cors_origin always;
-    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
-    add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, X-Requested-With' always;
-    add_header 'Access-Control-Allow-Credentials' 'true' always;
-    add_header 'Access-Control-Max-Age' '3600' always;
-
-    # Handle preflight OPTIONS requests
-    if ($request_method = 'OPTIONS') {
-        add_header 'Access-Control-Allow-Origin' $cors_origin always;
-        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
-        add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, X-Requested-With' always;
-        add_header 'Access-Control-Allow-Credentials' 'true' always;
-        add_header 'Access-Control-Max-Age' '3600' always;
-        add_header 'Content-Length' '0';
-        add_header 'Content-Type' 'text/plain charset=UTF-8';
-        return 204;
-    }
-}
-
-# Additional CORS for Admin area
-location /Admin {
-    add_header 'Access-Control-Allow-Origin' 'https://admin.dark.side' always;
-    add_header 'Access-Control-Allow-Credentials' 'true' always;
-}
-```
-
-### Step 4: Save and Deploy
-1. Click "Save"
-2. Wait for nginx-proxy-manager to reload the configuration
-
-### Step 5: Test the Fix
-1. Open browser to `https://admin.dark.side`
-2. Open Developer Tools (F12)
-3. Go to Console tab
-4. Try to enable notifications
-5. Check for CORS errors (should be none now)
-
-## Verification Commands
-Once applied, test from command line:
-
-```bash
-# Test VAPID endpoint with CORS headers
-curl -H "Origin: https://admin.dark.side" https://admin.dark.side/api/push/vapidpublickey
-
-# Test OPTIONS preflight request
-curl -X OPTIONS -H "Origin: https://admin.dark.side" -H "Access-Control-Request-Method: POST" https://admin.dark.side/api/push/subscribe
-```
-
-Both should return proper CORS headers and valid responses.
-
-## Alternative: Direct Database Update
-If UI access is not available, you can update via the nginx-proxy-manager database:
-
-```bash
-# SSH to server
-ssh -i vps_hardening_key -p 2255 sysadmin@10.13.13.1
-
-# Access the database
-docker exec nginx-proxy-manager sh -c "sqlite3 /data/database.sqlite"
-
-# Find the proxy host ID
-SELECT id, domain_names FROM proxy_host WHERE domain_names LIKE '%dark.side%';
-
-# Update the advanced config (replace ID with actual ID from above)
-UPDATE proxy_host SET advanced_config = '[CUSTOM_CONFIG_HERE]' WHERE id = [ID];
-```
-
-## Expected Results After Fix
-- ✅ Push notification subscription works
-- ✅ No CORS errors in browser console
-- ✅ VAPID endpoint returns public key
-- ✅ Service worker registers successfully
-- ✅ Notifications can be sent and received
\ No newline at end of file
diff --git a/PUSH-NOTIFICATION-FIX.md b/PUSH-NOTIFICATION-FIX.md
deleted file mode 100644
index 0d48ee9..0000000
--- a/PUSH-NOTIFICATION-FIX.md
+++ /dev/null
@@ -1,93 +0,0 @@
-# Push Notification Fix for Dark.Side Domain
-
-## Issue
-Push notifications failing because nginx doesn't have proper CORS headers for the `admin.dark.side` domain and the callback endpoints.
-
-## Solution
-The VAPID configuration is already correct with `mailto:admin@littleshop.local` which allows domain-independent operation. The issue is the nginx CORS configuration.
-
-## Current Status
-✅ **VAPID Subject**: Using `mailto:` format (domain-independent)
-✅ **Push Notification Code**: 15-second timeout implemented
-❌ **Nginx CORS**: Needs update for `admin.dark.side` domain
-
-## Required Fix
-
-### Option 1: Update nginx-proxy-manager Custom Config
-If using nginx-proxy-manager UI:
-
-1. Access nginx-proxy-manager at `http://10.13.13.1:81`
-2. Edit the proxy host for `admin.dark.side`
-3. Go to the "Advanced" tab
-4. Add the custom nginx configuration from `nginx-push-fix-dark-side.conf`
-
-### Option 2: Direct nginx Configuration
-If using direct nginx configuration files:
-
-1. SSH to server: `ssh -i vps_hardening_key -p 2255 sysadmin@10.13.13.1`
-2. Edit the nginx config: `sudo nano /etc/nginx/sites-available/admin-littleshop`
-3. Replace the existing CORS headers with the configuration from `nginx-push-fix-dark-side.conf`
-4. Test: `sudo nginx -t`
-5. Reload: `sudo systemctl reload nginx`
-
-## Key Changes Needed
-
-### Current (Problematic)
-```nginx
-add_header 'Access-Control-Allow-Origin' 'https://admin.dark.side' always;
-```
-
-### Updated (Working)
-```nginx
-# Dynamic CORS for dark.side domains
-set $cors_origin "";
-if ($http_origin ~* (https?://.*\.dark\.side|https?://admin\.dark\.side)) {
-    set $cors_origin $http_origin;
-}
-
-if ($cors_origin = "") {
-    set $cors_origin "https://admin.dark.side";
-}
-
-add_header 'Access-Control-Allow-Origin' $cors_origin always;
-add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
-add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, X-Requested-With' always;
-add_header 'Access-Control-Allow-Credentials' 'true' always;
-
-# Handle preflight OPTIONS requests
-if ($request_method = 'OPTIONS') {
-    return 204;
-}
-```
-
-## Push Notification Endpoints
-These endpoints need the CORS fix:
-- `/api/push/vapidpublickey` - Gets VAPID public key
-- `/api/push/subscribe` - Handles subscription
-- `/service-worker.js` - Service worker file
-- `/manifest.json` - PWA manifest
-- `/pwa.js` - PWA initialization
-
-## Testing After Fix
-1. Connect to VPN
-2. Visit `https://admin.dark.side`
-3. Click the notification bell icon
-4. Allow notifications when prompted
-5. Check browser console for CORS errors (should be none)
-
-## Expected Behavior
-- Notification permission dialog appears
-- No CORS errors in browser console
-- Push subscription succeeds
-- Notifications can be sent/received
-
-## Verification Commands
-```bash
-# Test VAPID endpoint
-curl -H "Origin: https://admin.dark.side" https://admin.dark.side/api/push/vapidpublickey
-
-# Test with OPTIONS (preflight)
-curl -X OPTIONS -H "Origin: https://admin.dark.side" -H "Access-Control-Request-Method: POST" https://admin.dark.side/api/push/subscribe
-```
-
-Both should return proper CORS headers allowing the dark.side domain.
\ No newline at end of file
diff --git a/nginx-push-fix-dark-side.conf b/nginx-push-fix-dark-side.conf
deleted file mode 100644
index e77ce29..0000000
--- a/nginx-push-fix-dark-side.conf
+++ /dev/null
@@ -1,65 +0,0 @@
-# Nginx configuration for push notifications with dark.side domain
-# This should be added to the nginx-proxy-manager custom configuration
-# or applied to the nginx configuration serving admin.dark.side
-
-# CORS headers for push notifications - allows any origin within dark.side domain
-# This pattern allows the callbacks to work regardless of subdomain
-location ~ ^/(api/push|service-worker\.js|manifest\.json|pwa\.js) {
-    # Set CORS headers for dark.side domains
-    set $cors_origin "";
-    if ($http_origin ~* (https?://.*\.dark\.side|https?://admin\.dark\.side)) {
-        set $cors_origin $http_origin;
-    }
-
-    # If no specific origin match, allow the dark.side domain generally
-    if ($cors_origin = "") {
-        set $cors_origin "https://admin.dark.side";
-    }
-
-    # Apply CORS headers
-    add_header 'Access-Control-Allow-Origin' $cors_origin always;
-    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
-    add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, X-Requested-With' always;
-    add_header 'Access-Control-Allow-Credentials' 'true' always;
-    add_header 'Access-Control-Max-Age' '3600' always;
-
-    # Handle preflight OPTIONS requests
-    if ($request_method = 'OPTIONS') {
-        add_header 'Access-Control-Allow-Origin' $cors_origin always;
-        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
-        add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, X-Requested-With' always;
-        add_header 'Access-Control-Allow-Credentials' 'true' always;
-        add_header 'Access-Control-Max-Age' '3600' always;
-        add_header 'Content-Length' '0';
-        add_header 'Content-Type' 'text/plain charset=UTF-8';
-        return 204;
-    }
-
-    # Proxy to the backend
-    proxy_pass http://localhost:5100;
-    proxy_http_version 1.1;
-    proxy_set_header Upgrade $http_upgrade;
-    proxy_set_header Connection 'upgrade';
-    proxy_set_header Host $host;
-    proxy_cache_bypass $http_upgrade;
-    proxy_set_header X-Real-IP $remote_addr;
-    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_set_header X-Forwarded-Proto $scheme;
-    proxy_buffering off;
-}
-
-# Additional location for the admin area with CORS support
-location /Admin {
-    # Basic CORS for admin area
-    add_header 'Access-Control-Allow-Origin' 'https://admin.dark.side' always;
-    add_header 'Access-Control-Allow-Credentials' 'true' always;
-
-    proxy_pass http://localhost:5100/Admin;
-    proxy_http_version 1.1;
-    proxy_set_header Host $host;
-    proxy_set_header X-Real-IP $remote_addr;
-    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_set_header X-Forwarded-Proto $scheme;
-    proxy_set_header X-Forwarded-Host $host;
-    proxy_set_header X-Forwarded-Port $server_port;
-}
\ No newline at end of file