Use HTTP/1.1 with nginx for chunked transfers

deployment/data/nginx/app.conf.template

@@ -19,22 +19,39 @@ server {
     server_name ${DOMAIN};
 
     location ~ ^/api(.*)$ {
-      rewrite ^/api(/.*)$ $1 break;
+        rewrite ^/api(/.*)$ $1 break;
-      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
-      proxy_set_header X-Forwarded-Proto $scheme;
+        # misc headers
-      proxy_set_header Host $http_host;
+        proxy_set_header X-Real-IP $remote_addr;
-      # we don't want nginx trying to do something clever with
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-      # redirects, we set the Host: header above already.
+        proxy_set_header X-Forwarded-Proto $scheme;
-      proxy_redirect off;
+        proxy_set_header X-Forwarded-Host $host; 
-      proxy_pass http://app_server;
+        proxy_set_header Host $host;
+
+        # need to use 1.1 to support chunked transfers
+        proxy_http_version 1.1;
+        proxy_buffering off;
+
+        # we don't want nginx trying to do something clever with
+        # redirects, we set the Host: header above already.
+        proxy_redirect off;
+        proxy_pass http://app_server;
     }
 
     location / {
-      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        # misc headers
-      proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Real-IP $remote_addr;
-      proxy_set_header Host $http_host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-      proxy_redirect off;
+        proxy_set_header X-Forwarded-Proto $scheme;
-      proxy_pass http://web_server;
+        proxy_set_header X-Forwarded-Host $host; 
+        proxy_set_header Host $host;
+
+        proxy_http_version 1.1;
+
+        # we don't want nginx trying to do something clever with
+        # redirects, we set the Host: header above already.
+        proxy_redirect off;
+        proxy_pass http://web_server;
     }
 
     location /.well-known/acme-challenge/ {
@@ -47,6 +64,8 @@ server {
     server_name ${DOMAIN};
     
     location / {
+        proxy_http_version 1.1;
+        proxy_buffering off;
         proxy_pass http://${DOMAIN};
     }
 

deployment/docker-compose.yml

@@ -35,6 +35,10 @@ services:
     build:
       context: ../web
       dockerfile: Dockerfile
+    depends_on:
+      - api
+    environment:
+      - INTERNAL_AUTH_URL=http://api:8080
   db:
     image: postgres:15.2-alpine
     restart: always

web/src/app/auth/google/callback/route.ts

@@ -1,6 +1,30 @@
 import { buildUrl } from "@/lib/userSS";
 import { NextRequest, NextResponse } from "next/server";
 
+
+const getDomain = (request: NextRequest) => {
+  // use env variable if set
+  if (process.env.BASE_URL) {
+    return process.env.BASE_URL;
+  } 
+
+  // next, try and build domain from headers
+  const requestedHost = request.headers.get('X-Forwarded-Host');
+  const requestedPort = request.headers.get('X-Forwarded-Port');
+  const requestedProto = request.headers.get('X-Forwarded-Proto');
+  if (requestedHost) {
+    const url = request.nextUrl.clone();
+    url.host = requestedHost;
+    url.protocol = requestedProto || url.protocol;
+    url.port = requestedPort || url.port;
+    return url.origin;
+  }
+
+  // finally just use whatever is in the request
+  return request.nextUrl.origin
+}
+
+
 export const GET = async (request: NextRequest) => {
   // Wrapper around the FastAPI endpoint /auth/google/callback,
   // which adds back a redirect to the main app.
@@ -11,10 +35,14 @@ export const GET = async (request: NextRequest) => {
   const setCookieHeader = response.headers.get("set-cookie");
 
   if (!setCookieHeader) {
-    return NextResponse.redirect(new URL("/auth/error", request.url));
+    return NextResponse.redirect(
+      new URL("/auth/error", getDomain(request))
+    );
   }
 
-  const redirectResponse = NextResponse.redirect(new URL("/", request.url));
+  const redirectResponse = NextResponse.redirect(
+    new URL("/", getDomain(request))
+  );
   redirectResponse.headers.set("set-cookie", setCookieHeader);
   return redirectResponse;
 };