Fix CORS errors for UI

- Run UI and services in the same host and port - Configure nginx as a proxy of the UI
safe-global · Nov 8, 2023 · 5cc20f3 · 5cc20f3
1 parent 746a8c0
commit 5cc20f3
Show file tree

Hide file tree

Showing 6 changed files with 43 additions and 15 deletions.
diff --git a/.env.sample b/.env.sample
@@ -1,5 +1,4 @@
 REVERSE_PROXY_PORT=8000
-REVERSE_PROXY_UI_PORT=8080
 
 CFG_VERSION=latest
 CGW_VERSION=latest

diff --git a/container_env_files/cgw.env b/container_env_files/cgw.env
@@ -30,3 +30,9 @@ AUTH_TOKEN=your_privileged_endpoints_token
 # Log level
 LOG_LEVEL=info
 # LOG_SILENT=true
+
+# Alerts provider
+ALERTS_PROVIDER_SIGNING_KEY=''
+ALERTS_PROVIDER_API_KEY=''
+ALERTS_PROVIDER_ACCOUNT=''
+ALERTS_PROVIDER_PROJECT=''
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -56,7 +56,7 @@ services:
       POSTGRES_PASSWORD: postgres
     volumes:
       - ./data/events-db:/var/lib/postgresql/data
-    <<: *pghealthcheck 
+    <<: *pghealthcheck
 
   # Safe Transaction Service
   txs-redis:
@@ -159,8 +159,8 @@ services:
       - container_env_files/ui.env
     depends_on:
       - nginx
-    ports:
-      - "${REVERSE_PROXY_UI_PORT}:8080"
+    expose:
+      - 8080
 
   general-rabbitmq:
     image: rabbitmq:alpine
@@ -170,13 +170,13 @@ services:
       timeout: 30s
       retries: 3
       start_period: 15s
-    
+
   events-web:
     image: safeglobal/safe-events-service:${EVENTS_VERSION}
     env_file:
-      - container_env_files/events.env 
+      - container_env_files/events.env
     depends_on:
-        events-db:
-          condition: service_healthy
-        general-rabbitmq:
-          condition: service_healthy      
+      events-db:
+        condition: service_healthy
+      general-rabbitmq:
+        condition: service_healthy
diff --git a/docker/nginx/nginx.conf b/docker/nginx/nginx.conf
@@ -60,6 +60,15 @@ http {
       keepalive 32;
     }
 
+    upstream ui_server {
+      ip_hash;  # For load-balancing
+      server ui:8080 fail_timeout=0;
+      #
+      # fail_timeout=0 means we always retry an upstream even if it failed
+      # to return a good HTTP response
+      keepalive 32;
+    }
+
     server {
         access_log off;
         listen 8000 deferred;
@@ -104,7 +113,6 @@ http {
         }
 
         location /cfg/ {
-            proxy_pass http://cfg_app_server/;
             proxy_set_header Host $host;
             proxy_set_header X-Forwarded-Host $server_name;
             proxy_set_header X-Real-IP $remote_addr;
@@ -114,6 +122,8 @@ http {
             # we don't want nginx trying to do something clever with
             # redirects, we set the Host: header above already.
             proxy_redirect off;
+            proxy_pass http://cfg_app_server/;
+
             # They default to 60s. Increase to avoid WORKER TIMEOUT in web container
             proxy_connect_timeout 60s;
             proxy_read_timeout 60s;
@@ -148,5 +158,20 @@ http {
             proxy_set_header X-Real-IP $remote_addr;
             add_header              Front-End-Https   on;
         }
+
+      location / {
+            proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
+            proxy_set_header    X-Forwarded-Proto   $scheme;
+            proxy_set_header    Host                $host;
+            # we don't want nginx trying to do something clever with
+            # redirects, we set the Host: header above already.
+            proxy_redirect off;
+            proxy_pass http://ui_server/;
+
+            proxy_set_header X-Forwarded-Host $server_name;
+            proxy_set_header X-Real-IP $remote_addr;
+            add_header              Front-End-Https   on;
+        }
+
     }
 }
diff --git a/docs/README.md b/docs/README.md
@@ -6,7 +6,7 @@
 - **Tx Service** is the core of the Safe. It indexes multisig transactions, module transactions, token transfers, collects signatures... There must be **1 Tx Service per Chain**, with different workers, PostgreSQL, Redis and RabbitMQ.
 - **Config Service** holds configuration for every Chain (blockexplorer, tx service url, apps enabled, wallets enabled...). **1 instance of the Config Service supports multiple Chains**
 - **Client Gateway** provides an API optimized for clients (web ui, android, ios...). **1 instance of the Client Gateway supports multiple Chains**
-- **Safe Events Service** handle Safe indexing events from Transaction Service and deliver as HTTP webhooks.
+- **Events Service** handles Safe indexing events from Transaction Service and deliver as HTTP webhooks.
 
 ## Setup
 

diff --git a/docs/running_locally.md b/docs/running_locally.md
@@ -97,9 +97,7 @@ For the Events service, follow these steps:
 
 # Safe Web App
 
-The Safe Web app will be available at at http://localhost:8080 although check the output of `docker compose` to see that the container is already running, as in some step-ups, it can take longer than expected ( >15 minutes).
-
-To configure the port in which the Safe Web app will be reachable, look into our sample [.env](../.env.sample) file. The value of `REVERSE_PROXY_UI_PORT` defines this.
+The Safe Web app will be available at at http://localhost:8000/ although check the output of `docker compose` to see that the container is already running, as in some step-ups, it can take longer than expected ( >15 minutes).
 
 Add your `NEXT_PUBLIC_INFURA_TOKEN` value if its required for the chain RCP uri in the [container_env_files/ui.env](../container_env_files/ui.env) file.