diff --git a/docker/nginx-https.conf b/docker/nginx-https.conf index c64281b4..cebb0bad 100644 --- a/docker/nginx-https.conf +++ b/docker/nginx-https.conf @@ -335,19 +335,6 @@ http { proxy_set_header X-Forwarded-Proto $scheme; } - location ~ ^/docker(/.*)?$ { - proxy_pass http://127.0.0.1:30007; - proxy_http_version 1.1; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - proxy_connect_timeout 60s; - proxy_send_timeout 300s; - proxy_read_timeout 300s; - } - location /docker/console/ { proxy_pass http://127.0.0.1:30008/; proxy_http_version 1.1; @@ -371,6 +358,19 @@ http { proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; } + location ~ ^/docker(/.*)?$ { + proxy_pass http://127.0.0.1:30007; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + proxy_connect_timeout 60s; + proxy_send_timeout 300s; + proxy_read_timeout 300s; + } + error_page 500 502 503 504 /50x.html; location = /50x.html { root /app/html; diff --git a/docker/nginx.conf b/docker/nginx.conf index 305e4014..c3b4955d 100644 --- a/docker/nginx.conf +++ b/docker/nginx.conf @@ -324,19 +324,6 @@ http { proxy_set_header X-Forwarded-Proto $scheme; } - location ~ ^/docker(/.*)?$ { - proxy_pass http://127.0.0.1:30007; - proxy_http_version 1.1; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - proxy_connect_timeout 60s; - proxy_send_timeout 300s; - proxy_read_timeout 300s; - } - location /docker/console/ { proxy_pass http://127.0.0.1:30008/; proxy_http_version 1.1; @@ -360,6 +347,19 @@ http { proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; } + location ~ ^/docker(/.*)?$ { + proxy_pass http://127.0.0.1:30007; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + proxy_connect_timeout 60s; + proxy_send_timeout 300s; + proxy_read_timeout 300s; + } + error_page 500 502 503 504 /50x.html; location = /50x.html { root /app/html; diff --git a/src/backend/ssh/docker.ts b/src/backend/ssh/docker.ts index 7147a0ba..28b61565 100644 --- a/src/backend/ssh/docker.ts +++ b/src/backend/ssh/docker.ts @@ -322,14 +322,9 @@ const app = express(); app.use( cors({ origin: (origin, callback) => { - if (!origin) return callback(null, true); - - const allowedOrigins = [ - "http://localhost:5173", - "http://localhost:3000", - "http://127.0.0.1:5173", - "http://127.0.0.1:3000", - ]; + if (!origin) { + return callback(null, true); + } if (origin.startsWith("https://")) { return callback(null, true); @@ -339,11 +334,22 @@ app.use( return callback(null, true); } + const allowedOrigins = [ + "http://localhost:5173", + "http://localhost:3000", + "http://127.0.0.1:5173", + "http://127.0.0.1:3000", + ]; + if (allowedOrigins.includes(origin)) { return callback(null, true); } - callback(new Error("Not allowed by CORS")); + dockerLogger.warn("CORS rejected origin", { + operation: "cors_check", + origin, + }); + return callback(new Error("Not allowed by CORS")); }, credentials: true, methods: ["GET", "POST", "PUT", "DELETE", "OPTIONS"],