littleshop/nginx-push-notification-fix.md
SysAdmin 4992b6b839 Cleanup: Update .gitignore and verify TOR implementation
- Add publish directories to .gitignore (both root and TeleBot)
- Exclude compressed assets (*.br, *.gz) except wwwroot
- Exclude archive files (*.tar.gz, *.zip)
- Run TOR verification: 9/9 checks PASSED ✓
- Document nginx push notification configuration

This cleanup prevents build artifacts from cluttering git status while
maintaining proper TOR security configuration verification.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-01 16:20:16 +01:00


Nginx Push Notification Configuration Fix

Issue

Push notifications are failing because the nginx CORS headers are configured for https://admin.dark.side instead of the actual domain being used.

Current Configuration (Line ~19 in nginx config)

    # CORS headers for push notifications
    add_header 'Access-Control-Allow-Origin' 'https://admin.dark.side' always;

Required Fix

The CORS headers need to be updated to match the actual domain being used for the admin panel:

    # CORS headers for push notifications
    add_header 'Access-Control-Allow-Origin' 'https://admin.thebankofdebbie.giize.com' always;
    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
    add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization' always;
    add_header 'Access-Control-Allow-Credentials' 'true' always;

Manual Fix Steps

  1. SSH into the server:

    ssh -i vps_hardening_key -p 2255 sysadmin@10.13.13.1
    # OR
    ssh -i vps_hardening_key -p 2255 sysadmin@srv1002428.hstgr.cloud
    
  2. Check current nginx configuration:

    sudo ls -la /etc/nginx/sites-enabled/
    sudo grep -r "admin.dark.side" /etc/nginx/sites-enabled/
    
  3. Edit the configuration file:

    sudo nano /etc/nginx/sites-available/admin-littleshop
    # OR wherever the config file is located
    
  4. Update the CORS headers:

    • Find: 'https://admin.dark.side'
    • Replace with: 'https://admin.thebankofdebbie.giize.com'

    Or for more flexible CORS (echo back the requesting origin, but only when it matches the allow-list):

    # Dynamic CORS based on request origin
    # The pattern is anchored with ^ and $ so that only these exact origins match;
    # nginx treats an unanchored pattern as a substring search.
    set $cors_origin "";
    if ($http_origin ~* "^(https?://(admin\.)?thebankofdebbie\.giize\.com|https?://srv1002428\.hstgr\.cloud)$") {
        set $cors_origin $http_origin;
    }
    # When $cors_origin is empty, nginx omits the Access-Control-Allow-Origin header
    add_header 'Access-Control-Allow-Origin' $cors_origin always;
    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
    add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization' always;
    add_header 'Access-Control-Allow-Credentials' 'true' always;
    
  5. Test the configuration:

    sudo nginx -t
    
  6. Reload nginx if config is valid:

    sudo systemctl reload nginx
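
nginx's `~*` operator performs a case-insensitive regex search rather than a full match, so the dynamic-CORS origin pattern in step 4 restricts reflection to the listed hosts only when it is anchored with `^` and `$`. The following added example (not part of the original document) emulates that check in Python over constructed `Origin` values; `example.net` is a placeholder host and the `INTENDED` set is an assumption about which origins should be served.

```python
import re

# Allow-list pattern from step 4, written without and with ^...$ anchors.
UNANCHORED = (r"(https?://(admin\.)?thebankofdebbie\.giize\.com"
              r"|https?://srv1002428\.hstgr\.cloud)")
ANCHORED = "^" + UNANCHORED + "$"

# Origins the configuration is meant to serve (assumption for this example).
INTENDED = {
    "https://admin.thebankofdebbie.giize.com",
    "https://thebankofdebbie.giize.com",
    "https://srv1002428.hstgr.cloud",
}

# Constructed sample Origin header values (example.net is a placeholder host).
SAMPLES = sorted(INTENDED) + [
    "https://admin.thebankofdebbie.giize.com.example.net",  # allowed name as a prefix
    "https://srv1002428.hstgr.cloud.example.net",           # same, second host
    "https://notthebankofdebbie.giize.com",                 # different host label
    "null",                                                 # opaque origin
]


def acao_value(origin, pattern):
    """Emulate the nginx block: `~*` is a case-insensitive regex search, and
    an empty $cors_origin means add_header emits no header (None here)."""
    if origin and re.search(pattern, origin, re.IGNORECASE):
        return origin
    return None


def unintended_reflections(pattern, samples=SAMPLES, intended=INTENDED):
    """Return sample origins that would be echoed back although not intended."""
    return [o for o in samples
            if acao_value(o, pattern) is not None and o not in intended]


if __name__ == "__main__":
    for name, pat in (("unanchored", UNANCHORED), ("anchored", ANCHORED)):
        print(name, "->", unintended_reflections(pat) or "none")
```

Because the response also carries `Access-Control-Allow-Credentials: true`, any origin listed by `unintended_reflections` would be allowed to make credentialed cross-origin requests, which is why the anchored form should be the one deployed.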
    

Push Notification Endpoints

The following endpoints need to be accessible with proper CORS headers:

  • /api/push/vapidpublickey - Returns the VAPID public key
  • /api/push/subscribe - Handles push subscription
  • /service-worker.js - Service worker file
  • /manifest.json - PWA manifest
  • /pwa.js - PWA initialization script

Testing

After updating the configuration, test push notifications:

  1. Visit the admin panel at the correct domain
  2. Click the notification bell icon
  3. Allow notifications when prompted
  4. Check browser console for any CORS errors

Alternative: Using nginx-proxy-manager

If the server is using nginx-proxy-manager (Docker container), the configuration might need to be updated via the UI:

  1. Access nginx-proxy-manager UI (usually port 81)
  2. Find the proxy host for the admin panel
  3. Update the Advanced tab with custom nginx configuration for CORS headers

DNS Configuration Required

Ensure admin.thebankofdebbie.giize.com points to the server IP (31.97.57.205):

    admin.thebankofdebbie.giize.com A 31.97.57.205

SSL Certificate

The domain will need a valid SSL certificate. This can be obtained via:

  • Let's Encrypt (certbot)
  • nginx-proxy-manager's built-in Let's Encrypt support
  • A self-signed certificate, as a temporary measure