Lef-F/mike@9cc8453c

fix: route backend->gotrue through caddy with transparent host header

↗ view on GitHub · Lef · 2026-05-05 · 9cc8453c

The backend's @supabase/supabase-js client constructs URLs as
${SUPABASE_URL}/auth/v1/..., so SUPABASE_URL must point at a layer
that strips /auth/v1/ before forwarding to GoTrue (which serves at
the root path). Pointing it at gotrue:9999 directly returned 404
on every auth call, causing all backend endpoints to return 401.

Two changes:
- Caddy site address relaxed from {$MIKE_HOST}:{$MIKE_PORT} to
  :{$MIKE_PORT} so internal services (caddy:80) reach it without
  Host-header matching games.
- reverse_proxy directives set 'header_up Host {upstream_hostport}'
  so Caddy presents the upstream's address as the Host header instead
  of forwarding the inbound Host through, which was causing GoTrue
  to return empty 200 responses for in-cluster requests.
- mike-backend SUPABASE_URL now points at http://caddy:${MIKE_PORT}.

Repository	Lef-F/mike
Author	Lef <Lef-F@users.noreply.github.com>
Authored	2026-05-05T09:58:48+02:00
Parents	`8ff0dc8b`
Stats	2 files changed , +14 , -6
Part of	Self-host docker-compose stack

Repository

Lef-F/mike

Author

Lef <Lef-F@users.noreply.github.com>

Authored

2026-05-05T09:58:48+02:00

Parents

8ff0dc8b

Stats

2 files changed , +14 , -6

Part of

Self-host docker-compose stack

Capture this commit into my fork

Download a Markdown prompt that tells Claude how to port this exact commit into your working tree. Run it via claude -p < capture-commit-9cc8453c.md from inside the repo you want the change in.

⬇ Download capture-commit-9cc8453c.md