SecureBitChat/securebit-chat
1
0
Fork 0
Code Issues Pull Requests Actions 21 Packages Projects Releases Wiki Activity

fix(deploy): 404 missing assets instead of HTML fallback; ship public STUN config
CodeQL Analysis / Analyze CodeQL (push) Waiting to run
Details
Deploy Application / deploy (push) Waiting to run
Details
Mirror to Codeberg / mirror (push) Waiting to run
Details
Mirror to PrivacyGuides / mirror (push) Waiting to run
Details

Browse Source 
- nginx: asset extensions use try_files $uri =404 so a missing file (e.g.
  config/ice-servers.js) no longer serves index.html with the wrong content type
- add config/ice-servers.prod.js (public STUN, no secrets); Dockerfile copies it
  to the git-ignored config/ice-servers.js so the operator-override path exists
This commit is contained in:
lockbitchat
2026-06-15 16:30:39 -04:00
parent d58967c671
commit 017a590220
3 changed files with 24 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Dockerfile
+6
View File
@@ -9,6 +9,12 @@ COPY deploy/nginx.conf /etc/nginx/nginx.conf
# Serve the repository (src/, assets/, libs/, dist/, config/, logo/, sw.js, ...). # Serve the repository (src/, assets/, libs/, dist/, config/, logo/, sw.js, ...).
COPY . /usr/share/nginx/html COPY . /usr/share/nginx/html
# config/ice-servers.js is git-ignored (it can hold operator TURN credentials),
# so it is absent from the build context. Provide the public-STUN production
# override so the operator-override path is populated and nothing 404s.
RUN cp /usr/share/nginx/html/config/ice-servers.prod.js \
/usr/share/nginx/html/config/ice-servers.js
# Fly.io health checks and routing target this port. # Fly.io health checks and routing target this port.
EXPOSE 8080 EXPOSE 8080
config/ice-servers.prod.js
+10
View File
@@ -0,0 +1,10 @@
// Production ICE override baked into the Fly.io image (no secrets — public STUN
// only). The Dockerfile copies this to config/ice-servers.js, which is otherwise
// git-ignored. Users who want a TURN relay can add one via "Advanced network
// settings"; to ship an operator TURN here, add it below (TURN credentials are
// visible to every browser, so rotate them if exposed).
window.SECUREBIT_ICE_SERVERS = [
{ urls: 'stun:stun.cloudflare.com:3478' },
{ urls: 'stun:stun.l.google.com:19302' },
{ urls: 'stun:stun1.l.google.com:19302' }
];
deploy/nginx.conf
+8 -1
View File
@@ -58,7 +58,14 @@ http {
add_header Cache-Control $sb_cache always; add_header Cache-Control $sb_cache always;
add_header Service-Worker-Allowed "/" always; add_header Service-Worker-Allowed "/" always;
# SPA-style fallback so unknown routes still load the app shell. # Real asset files must return 404 when missing — never fall back to the
# HTML shell, which would be served with the wrong content type and break
# module/script loading (e.g. a missing config/ice-servers.js).
location ~* \.(js|mjs|jsx|css|json|map|woff2?|ttf|otf|png|jpe?g|gif|webp|svg|ico|mp3|mp4|webm)$ {
try_files $uri =404;
}
# SPA-style fallback so unknown navigation routes still load the app shell.
location / { location / {
try_files $uri $uri/ /index.html; try_files $uri $uri/ /index.html;
} }