From 88d47f677f41bbce4fbc87fcc15ca2d1a7c0c3ec Mon Sep 17 00:00:00 2001 From: Chincherry93 <108326517+Chincherry93@users.noreply.github.com> Date: Thu, 30 Apr 2026 15:21:22 +0800 Subject: [PATCH] fix(nginx): add catch-all /api/ location for auth routes (#2657) The recent refactor (7bf618de) removed the langgraph upstream and added individual /api/* prefix locations for models, memory, mcp, skills, agents, threads, and sandboxes. However, /api/v1/auth/* routes (login, register, setup-status, etc.) were not covered by any explicit location block, causing them to fall through to the frontend catch-all. In Docker production builds, Next.js rewrites are baked at build time with http://127.0.0.1:8001 (the gateway is unreachable from the frontend container's localhost), resulting in ECONNREFUSED errors for all auth operations. Adding a catch-all `location /api/` block after the more specific prefix/regex locations ensures all gateway API routes are properly proxied. nginx's location matching priority means the more specific locations above still take precedence for /api/langgraph/, /api/models, /api/memory, /api/mcp, /api/skills, /api/agents, /api/threads/*, and /api/sandboxes. Co-authored-by: Chincherry93 --- docker/nginx/nginx.conf | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/docker/nginx/nginx.conf b/docker/nginx/nginx.conf index 12096d5ba..a5e0eb6b6 100644 --- a/docker/nginx/nginx.conf +++ b/docker/nginx/nginx.conf @@ -207,6 +207,17 @@ http { proxy_set_header X-Forwarded-Proto $scheme; } + # Catch-all for /api/ routes not covered above (e.g. /api/v1/auth/*). + # More specific prefix and regex locations above still take precedence. + location /api/ { + proxy_pass http://gateway; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + # All other requests go to frontend location / { proxy_pass http://frontend;