From 4b385e0ea2c7555ea37418c8d6f6b5b35670648b Mon Sep 17 00:00:00 2001
From: Leendert de Borst <ldeborst@xivisoft.com>
Date: Wed, 6 Aug 2025 19:29:43 +0200
Subject: [PATCH] Make admin work in single docker context (#1098)

---
 Dockerfile.single             |  2 ++
 apps/server/nginx.single.conf | 18 +++++-------------
 2 files changed, 7 insertions(+), 13 deletions(-)

diff --git a/Dockerfile.single b/Dockerfile.single
index a6f7811d0..44479ee31 100644
--- a/Dockerfile.single
+++ b/Dockerfile.single
@@ -183,6 +183,7 @@ RUN mkdir -p /etc/s6-overlay/s6-rc.d/api && \
       echo 'cd /app/api'; \
       echo 'export ConnectionStrings__AliasServerDbContext="Host=localhost;Database=aliasvault;Username=aliasvault;Password=${POSTGRES_PASSWORD:-defaultpassword}"'; \
       echo 'export ASPNETCORE_URLS="http://0.0.0.0:3001"'; \
+      echo 'export ASPNETCORE_PATHBASE="/api"'; \
       echo 'exec dotnet AliasVault.Api.dll'; \
     } > /etc/s6-overlay/s6-rc.d/api/run && \
     chmod +x /etc/s6-overlay/s6-rc.d/api/run && \
@@ -230,6 +231,7 @@ RUN mkdir -p /etc/s6-overlay/s6-rc.d/admin && \
       echo 'cd /app/admin'; \
       echo 'export ConnectionStrings__AliasServerDbContext="Host=localhost;Database=aliasvault;Username=aliasvault;Password=${POSTGRES_PASSWORD:-defaultpassword}"'; \
       echo 'export ASPNETCORE_URLS="http://0.0.0.0:3002"'; \
+      echo 'export ASPNETCORE_PATHBASE="/admin"'; \
       echo 'exec dotnet AliasVault.Admin.dll'; \
     } > /etc/s6-overlay/s6-rc.d/admin/run && \
     chmod +x /etc/s6-overlay/s6-rc.d/admin/run && \
diff --git a/apps/server/nginx.single.conf b/apps/server/nginx.single.conf
index 7e0a0f392..f1d64a507 100644
--- a/apps/server/nginx.single.conf
+++ b/apps/server/nginx.single.conf
@@ -46,7 +46,7 @@ http {
         location /.well-known/acme-challenge/ {
             allow all;
             root /var/www/certbot;
-            try_files $uri $uri/ =404;
+            try_files $uri =404;
             default_type "text/plain";
             add_header Cache-Control "no-cache";
             break;
@@ -74,8 +74,8 @@ http {
         add_header Content-Security-Policy "frame-ancestors 'self'" always;
 
         # Admin interface
-        location /admin/ {
-            proxy_pass http://admin/;
+        location /admin {
+            proxy_pass http://admin;
             proxy_set_header Host $http_host;
             proxy_set_header X-Real-IP $remote_addr;
             proxy_set_header X-Forwarded-Proto https;
@@ -91,23 +91,15 @@ http {
             proxy_set_header Connection "upgrade";
             proxy_read_timeout 86400;
         }
-        
-        location /admin {
-            return 301 $scheme://$host/admin/;
-        }
 
         # API endpoints
-        location /api/ {
-            proxy_pass http://api/;
+        location /api {
+            proxy_pass http://api;
             proxy_set_header Host $http_host;
             proxy_set_header X-Real-IP $remote_addr;
             proxy_set_header X-Forwarded-Proto $scheme;
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         }
-        
-        location /api {
-            return 301 $scheme://$host/api/;
-        }
 
         # Client app (root path)
         location / {