Spaces:
Running
Running
fix: rewrite Space-host redirects to relative paths + pass x-forwarded-proto
Browse filesNext.js middleware generates redirects using the public SPACE_HOST (e.g.
https://somratpro-huggingpost.hf.space/auth). The HF Spaces reverse proxy
intercepts absolute redirects to its own hostname, resolves them server-side,
and returns 200 β causing blank white page at /app/ instead of navigating.
- health-server rewriteLocation: also rewrite absolute URLs whose hostname
matches SPACE_HOST to /app-prefixed relative paths (same logic as 127.0.0.1)
so the browser (not HF proxy) handles the navigation and URL bar updates
- Dockerfile: patch nginx to pass X-Forwarded-Proto from upstream header
($http_x_forwarded_proto) instead of hardcoding $scheme=http so Next.js
builds correct https:// redirect URLs
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Dockerfile +6 -1
- health-server.js +18 -9
Dockerfile
CHANGED
|
@@ -156,8 +156,13 @@ COPY --from=postiz-builder /build/var/docker/nginx.conf /etc/nginx/nginx.conf
|
|
| 156 |
# the bare root doesn't return an empty 200 from nginx's default handler.
|
| 157 |
# (health-server already short-circuits /app/ before reaching nginx, but
|
| 158 |
# this makes nginx self-consistent for any direct curl / health checks.)
|
| 159 |
-
RUN sed -i
|
|
|
|
|
|
|
|
|
|
|
|
|
| 160 |
&& grep -q '/app/' /etc/nginx/nginx.conf \
|
|
|
|
| 161 |
|| (echo "NGINX PATCH FAILED β upstream nginx.conf format changed"; cat /etc/nginx/nginx.conf; exit 1)
|
| 162 |
|
| 163 |
# Health-server outside /app to avoid pnpm workspace collisions.
|
|
|
|
| 156 |
# the bare root doesn't return an empty 200 from nginx's default handler.
|
| 157 |
# (health-server already short-circuits /app/ before reaching nginx, but
|
| 158 |
# this makes nginx self-consistent for any direct curl / health checks.)
|
| 159 |
+
RUN sed -i \
|
| 160 |
+
's|proxy_pass http://127.0.0.1:4200/;|proxy_pass http://127.0.0.1:4200/app/;|; \
|
| 161 |
+
s|proxy_pass http://localhost:4200/;|proxy_pass http://localhost:4200/app/;|; \
|
| 162 |
+
s|proxy_set_header X-Forwarded-Proto \$scheme;|proxy_set_header X-Forwarded-Proto \$http_x_forwarded_proto;|g' \
|
| 163 |
+
/etc/nginx/nginx.conf \
|
| 164 |
&& grep -q '/app/' /etc/nginx/nginx.conf \
|
| 165 |
+
&& grep -q 'x_forwarded_proto' /etc/nginx/nginx.conf \
|
| 166 |
|| (echo "NGINX PATCH FAILED β upstream nginx.conf format changed"; cat /etc/nginx/nginx.conf; exit 1)
|
| 167 |
|
| 168 |
# Health-server outside /app to avoid pnpm workspace collisions.
|
health-server.js
CHANGED
|
@@ -426,27 +426,36 @@ function buildProxyHeaders(headers) {
|
|
| 426 |
|
| 427 |
function rewriteLocation(loc) {
|
| 428 |
// Postiz's Next.js middleware redirects without the basePath prefix (/app)
|
| 429 |
-
// and may use an internal hostname (127.0.0.1:NGINX_PORT)
|
| 430 |
-
//
|
|
|
|
|
|
|
| 431 |
//
|
| 432 |
// Normalise every Location header from the Postiz nginx proxy:
|
| 433 |
-
// 1. If it's an absolute URL to an internal host β extract
|
| 434 |
// 2. If the resulting path doesn't start with /app β prepend /app.
|
| 435 |
//
|
|
|
|
|
|
|
|
|
|
| 436 |
// Examples:
|
| 437 |
-
// http://127.0.0.1:5000/auth/login
|
| 438 |
-
//
|
| 439 |
-
// /auth/login
|
| 440 |
-
// /app/auth/login
|
| 441 |
-
// https://twitter.com/oauth/...
|
| 442 |
if (!loc) return loc;
|
|
|
|
| 443 |
let path = null;
|
| 444 |
if (loc.startsWith("/")) {
|
| 445 |
path = loc;
|
| 446 |
} else {
|
| 447 |
try {
|
| 448 |
const u = new URL(loc);
|
| 449 |
-
if (
|
|
|
|
|
|
|
|
|
|
| 450 |
path = u.pathname + u.search + u.hash;
|
| 451 |
}
|
| 452 |
} catch {}
|
|
|
|
| 426 |
|
| 427 |
function rewriteLocation(loc) {
|
| 428 |
// Postiz's Next.js middleware redirects without the basePath prefix (/app)
|
| 429 |
+
// and may use an internal hostname (127.0.0.1:NGINX_PORT) or the public
|
| 430 |
+
// HF Space hostname (SPACE_HOST). The HF Spaces reverse proxy intercepts
|
| 431 |
+
// absolute redirects to its own hostname β it resolves them server-side
|
| 432 |
+
// and returns 200 at the original URL (blank white page for the client).
|
| 433 |
//
|
| 434 |
// Normalise every Location header from the Postiz nginx proxy:
|
| 435 |
+
// 1. If it's an absolute URL to an internal or own-Space host β extract path.
|
| 436 |
// 2. If the resulting path doesn't start with /app β prepend /app.
|
| 437 |
//
|
| 438 |
+
// This converts absolute redirects to relative ones so the browser
|
| 439 |
+
// (not HF proxy) navigates and the URL bar updates correctly.
|
| 440 |
+
//
|
| 441 |
// Examples:
|
| 442 |
+
// http://127.0.0.1:5000/auth/login β /app/auth/login
|
| 443 |
+
// https://somratpro-huggingpost.hf.space/auth β /app/auth
|
| 444 |
+
// /auth/login β /app/auth/login
|
| 445 |
+
// /app/auth/login β /app/auth/login (unchanged)
|
| 446 |
+
// https://twitter.com/oauth/... β unchanged (external)
|
| 447 |
if (!loc) return loc;
|
| 448 |
+
const spaceHost = process.env.SPACE_HOST || null; // e.g. somratpro-huggingpost.hf.space
|
| 449 |
let path = null;
|
| 450 |
if (loc.startsWith("/")) {
|
| 451 |
path = loc;
|
| 452 |
} else {
|
| 453 |
try {
|
| 454 |
const u = new URL(loc);
|
| 455 |
+
if (
|
| 456 |
+
/^(127\.0\.0\.1|localhost)(:\d+)?$/.test(u.host) ||
|
| 457 |
+
(spaceHost && u.hostname === spaceHost)
|
| 458 |
+
) {
|
| 459 |
path = u.pathname + u.search + u.hash;
|
| 460 |
}
|
| 461 |
} catch {}
|