SilverLABS/littleshop
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Revert: Roll back to previous working version

Browse Source 
Rolling back nginx changes to restore working state for testing.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
SysAdmin 2025-10-01 14:35:24 +01:00
parent c5e1fce271
commit bb3d603f83
3 changed files with 0 additions and 269 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

111
NGINX-PROXY-MANAGER-FIX.md
View File

@ -1,111 +0,0 @@
# Nginx-Proxy-Manager Push Notification Fix
## Current Status
✅ **nginx-proxy-manager is running**
✅ **LittleShop container is healthy**
**VAPID endpoint returns empty response** (CORS blocking)
## Fix Steps via nginx-proxy-manager UI
### Step 1: Access nginx-proxy-manager
1. Connect to VPN
2. Open browser and go to: `http://10.13.13.1:81`
3. Login with admin credentials
### Step 2: Find the Admin.Dark.Side Proxy Host
1. Go to "Hosts" → "Proxy Hosts"
2. Find the entry for `admin.dark.side`
3. Click the 3-dot menu → "Edit"
### Step 3: Add Custom nginx Configuration
1. Go to the "Advanced" tab
2. In the "Custom nginx Configuration" box, add the following:
```nginx
# CORS headers for push notifications - dark.side domain
location ~ ^/(api/push|service-worker\.js|manifest\.json|pwa\.js) {
# Set CORS headers for dark.side domains
set $cors_origin "";
if ($http_origin ~* (https?://.*\.dark\.side|https?://admin\.dark\.side)) {
set $cors_origin $http_origin;
}
# If no specific origin match, allow the dark.side domain generally
if ($cors_origin = "") {
set $cors_origin "https://admin.dark.side";
}
# Apply CORS headers
add_header 'Access-Control-Allow-Origin' $cors_origin always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, X-Requested-With' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Max-Age' '3600' always;
# Handle preflight OPTIONS requests
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' $cors_origin always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, X-Requested-With' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Max-Age' '3600' always;
add_header 'Content-Length' '0';
add_header 'Content-Type' 'text/plain charset=UTF-8';
return 204;
}
}
# Additional CORS for Admin area
location /Admin {
add_header 'Access-Control-Allow-Origin' 'https://admin.dark.side' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
}
```
### Step 4: Save and Deploy
1. Click "Save"
2. Wait for nginx-proxy-manager to reload the configuration
### Step 5: Test the Fix
1. Open browser to `https://admin.dark.side`
2. Open Developer Tools (F12)
3. Go to Console tab
4. Try to enable notifications
5. Check for CORS errors (should be none now)
## Verification Commands
Once applied, test from command line:
```bash
# Test VAPID endpoint with CORS headers
curl -H "Origin: https://admin.dark.side" https://admin.dark.side/api/push/vapidpublickey
# Test OPTIONS preflight request
curl -X OPTIONS -H "Origin: https://admin.dark.side" -H "Access-Control-Request-Method: POST" https://admin.dark.side/api/push/subscribe
```
Both should return proper CORS headers and valid responses.
## Alternative: Direct Database Update
If UI access is not available, you can update via the nginx-proxy-manager database:
```bash
# SSH to server
ssh -i vps_hardening_key -p 2255 sysadmin@10.13.13.1
# Access the database
docker exec nginx-proxy-manager sh -c "sqlite3 /data/database.sqlite"
# Find the proxy host ID
SELECT id, domain_names FROM proxy_host WHERE domain_names LIKE '%dark.side%';
# Update the advanced config (replace ID with actual ID from above)
UPDATE proxy_host SET advanced_config = '[CUSTOM_CONFIG_HERE]' WHERE id = [ID];
```
## Expected Results After Fix
- ✅ Push notification subscription works
- ✅ No CORS errors in browser console
- ✅ VAPID endpoint returns public key
- ✅ Service worker registers successfully
- ✅ Notifications can be sent and received

93
PUSH-NOTIFICATION-FIX.md
View File

@ -1,93 +0,0 @@
# Push Notification Fix for Dark.Side Domain
## Issue
Push notifications failing because nginx doesn't have proper CORS headers for the `admin.dark.side` domain and the callback endpoints.
## Solution
The VAPID configuration is already correct with `mailto:admin@littleshop.local` which allows domain-independent operation. The issue is the nginx CORS configuration.
## Current Status
**VAPID Subject**: Using `mailto:` format (domain-independent)
**Push Notification Code**: 15-second timeout implemented
**Nginx CORS**: Needs update for `admin.dark.side` domain
## Required Fix
### Option 1: Update nginx-proxy-manager Custom Config
If using nginx-proxy-manager UI:
1. Access nginx-proxy-manager at `http://10.13.13.1:81`
2. Edit the proxy host for `admin.dark.side`
3. Go to the "Advanced" tab
4. Add the custom nginx configuration from `nginx-push-fix-dark-side.conf`
### Option 2: Direct nginx Configuration
If using direct nginx configuration files:
1. SSH to server: `ssh -i vps_hardening_key -p 2255 sysadmin@10.13.13.1`
2. Edit the nginx config: `sudo nano /etc/nginx/sites-available/admin-littleshop`
3. Replace the existing CORS headers with the configuration from `nginx-push-fix-dark-side.conf`
4. Test: `sudo nginx -t`
5. Reload: `sudo systemctl reload nginx`
## Key Changes Needed
### Current (Problematic)
```nginx
add_header 'Access-Control-Allow-Origin' 'https://admin.dark.side' always;
```
### Updated (Working)
```nginx
# Dynamic CORS for dark.side domains
set $cors_origin "";
if ($http_origin ~* (https?://.*\.dark\.side|https?://admin\.dark\.side)) {
set $cors_origin $http_origin;
}
if ($cors_origin = "") {
set $cors_origin "https://admin.dark.side";
}
add_header 'Access-Control-Allow-Origin' $cors_origin always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, X-Requested-With' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
# Handle preflight OPTIONS requests
if ($request_method = 'OPTIONS') {
return 204;
}
```
## Push Notification Endpoints
These endpoints need the CORS fix:
- `/api/push/vapidpublickey` - Gets VAPID public key
- `/api/push/subscribe` - Handles subscription
- `/service-worker.js` - Service worker file
- `/manifest.json` - PWA manifest
- `/pwa.js` - PWA initialization
## Testing After Fix
1. Connect to VPN
2. Visit `https://admin.dark.side`
3. Click the notification bell icon
4. Allow notifications when prompted
5. Check browser console for CORS errors (should be none)
## Expected Behavior
- Notification permission dialog appears
- No CORS errors in browser console
- Push subscription succeeds
- Notifications can be sent/received
## Verification Commands
```bash
# Test VAPID endpoint
curl -H "Origin: https://admin.dark.side" https://admin.dark.side/api/push/vapidpublickey
# Test with OPTIONS (preflight)
curl -X OPTIONS -H "Origin: https://admin.dark.side" -H "Access-Control-Request-Method: POST" https://admin.dark.side/api/push/subscribe
```
Both should return proper CORS headers allowing the dark.side domain.

65
nginx-push-fix-dark-side.conf
View File

@ -1,65 +0,0 @@
# Nginx configuration for push notifications with dark.side domain
# This should be added to the nginx-proxy-manager custom configuration
# or applied to the nginx configuration serving admin.dark.side
# CORS headers for push notifications - allows any origin within dark.side domain
# This pattern allows the callbacks to work regardless of subdomain
location ~ ^/(api/push|service-worker\.js|manifest\.json|pwa\.js) {
# Set CORS headers for dark.side domains
set $cors_origin "";
if ($http_origin ~* (https?://.*\.dark\.side|https?://admin\.dark\.side)) {
set $cors_origin $http_origin;
}
# If no specific origin match, allow the dark.side domain generally
if ($cors_origin = "") {
set $cors_origin "https://admin.dark.side";
}
# Apply CORS headers
add_header 'Access-Control-Allow-Origin' $cors_origin always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, X-Requested-With' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Max-Age' '3600' always;
# Handle preflight OPTIONS requests
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' $cors_origin always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, X-Requested-With' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Max-Age' '3600' always;
add_header 'Content-Length' '0';
add_header 'Content-Type' 'text/plain charset=UTF-8';
return 204;
}
# Proxy to the backend
proxy_pass http://localhost:5100;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
}
# Additional location for the admin area with CORS support
location /Admin {
# Basic CORS for admin area
add_header 'Access-Control-Allow-Origin' 'https://admin.dark.side' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
proxy_pass http://localhost:5100/Admin;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
}