littleshop/nginx-push-notification-fix.md

# Nginx Push Notification Configuration Fix

## Issue
Push notifications are failing because the nginx CORS headers are configured for `https://admin.dark.side` instead of the actual domain being used.

## Current Configuration (Line ~19 in nginx config)
```nginx
# CORS headers for push notifications
add_header 'Access-Control-Allow-Origin' 'https://admin.dark.side' always;
```

## Required Fix
The CORS headers need to be updated to match the actual domain being used for the admin panel:

```nginx
# CORS headers for push notifications
add_header 'Access-Control-Allow-Origin' 'https://admin.thebankofdebbie.giize.com' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
```

## Manual Fix Steps

1. **SSH into the server:**
   ```bash
   ssh -i vps_hardening_key -p 2255 sysadmin@10.13.13.1
   # OR
   ssh -i vps_hardening_key -p 2255 sysadmin@srv1002428.hstgr.cloud
   ```

2. **Check current nginx configuration:**
   ```bash
   sudo ls -la /etc/nginx/sites-enabled/
   sudo grep -r "admin.dark.side" /etc/nginx/sites-enabled/
   ```

3. **Edit the configuration file:**
   ```bash
   sudo nano /etc/nginx/sites-available/admin-littleshop
   # OR wherever the config file is located
   ```

4. **Update the CORS headers:**
   - Find: `'https://admin.dark.side'`
   - Replace with: `'https://admin.thebankofdebbie.giize.com'`

   Or for more flexible CORS (allow from the actual requesting origin):
   ```nginx
   # Dynamic CORS based on request origin
   set $cors_origin "";
   if ($http_origin ~* (https?://(admin\.)?thebankofdebbie\.giize\.com|https?://srv1002428\.hstgr\.cloud)) {
       set $cors_origin $http_origin;
   }
   add_header 'Access-Control-Allow-Origin' $cors_origin always;
   add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
   add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization' always;
   add_header 'Access-Control-Allow-Credentials' 'true' always;
   ```

5. **Test the configuration:**
   ```bash
   sudo nginx -t
   ```

6. **Reload nginx if config is valid:**
   ```bash
   sudo systemctl reload nginx
   ```

## Push Notification Endpoints
The following endpoints need to be accessible with proper CORS headers:
- `/api/push/vapidpublickey` - Returns the VAPID public key
- `/api/push/subscribe` - Handles push subscription
- `/service-worker.js` - Service worker file
- `/manifest.json` - PWA manifest
- `/pwa.js` - PWA initialization script

## Testing
After updating the configuration, test push notifications:

1. Visit the admin panel at the correct domain
2. Click the notification bell icon
3. Allow notifications when prompted
4. Check browser console for any CORS errors

## Alternative: Using nginx-proxy-manager
If the server is using nginx-proxy-manager (Docker container), the configuration might need to be updated via the UI:
1. Access nginx-proxy-manager UI (usually port 81)
2. Find the proxy host for the admin panel
3. Update the Advanced tab with custom nginx configuration for CORS headers

## DNS Configuration Required
Ensure `admin.thebankofdebbie.giize.com` points to the server IP (31.97.57.205):
```
admin.thebankofdebbie.giize.com A 31.97.57.205
```

## SSL Certificate
The domain will need a valid SSL certificate. This can be obtained via:
- Let's Encrypt (certbot)
- nginx-proxy-manager's built-in Let's Encrypt support
- Or using a self-signed certificate temporarily