Blocked by CORS (reverse proxy)

[Witchness]

I'm sorry if my question is silly. I don't have much experience with all this and I'm just learning. If you can help, I would be very grateful<3

I get an error like this

I have a set-up like this:

• Docker container running on 192.168.1.109
• Synology nas running on 192.168.1.3 with reverse proxy enabled
• The vods.witch.tools domain goes to NAS via cloudflare and NAS forwards to 192.168.1.109:4801 with reverse proxy
• api.witch.tools and cdn.witch.tools work the same way (by clicking the link from the console directly, I can access)

my docker-compose.yml if it can help

version: "3.3"
services:
  ganymede-api:
    container_name: ganymede-api
    image: ghcr.io/zibbp/ganymede:latest
    restart: unless-stopped
    environment:
      - TZ=Europe/Kiev # Set to your timezone
      - DB_HOST=ganymede-db
      - DB_PORT=5432
      - DB_USER=*****
      - DB_PASS=*******
      - DB_NAME=ganymede-prd
      - DB_SSL=disable
      - JWT_SECRET=*********
      - JWT_REFRESH_SECRET=*********
      - TWITCH_CLIENT_ID=***********
      - TWITCH_CLIENT_SECRET=***************
      - COOKIE_DOMAIN=vods.witch.tools
      - FRONTEND_HOST=https://vods.witch.tools
      # OPTIONAL
      # - OAUTH_PROVIDER_URL=
      # - OAUTH_CLIENT_ID=
      # - OAUTH_CLIENT_SECRET=
      # - OAUTH_REDIRECT_URL=http://IP:PORT/api/v1/auth/oauth/callback # Points to the API service
    volumes:
      - vods:/vods
      - ./logs:/logs
      - ./data:/data
      # Uncomment below to persist temp files
      - ./tmp:/tmp
    ports:
      - 4800:4000
  ganymede-frontend:
    container_name: ganymede-frontend
    image: ghcr.io/zibbp/ganymede-frontend:latest
    restart: unless-stopped
    environment:
      - API_URL=https://api.witch.tools # Points to the API service
      - CDN_URL=https://cdn.witch.tools # Points to the CDN service
      - SHOW_SSO_LOGIN_BUTTON=false # show/hide SSO login button on login page
      - FORCE_SSO_AUTH=false # force SSO auth for all users (bypasses login page and redirects to SSO)
      - REQUIRE_LOGIN=true # require login to view videos
    ports:
      - 4801:3000
  ganymede-db:
    container_name: ganymede-db
    image: postgres:14
    volumes:
      - ./ganymede-db:/ganymede-db
    environment:
      - POSTGRES_PASSWORD=PASSWORD
      - POSTGRES_USER=ganymede
      - POSTGRES_DB=ganymede-prd
    ports:
      - 4803:5432
  ganymede-nginx:
    container_name: ganymede-nginx
    image: nginx
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
      - vods:/mnt/vods
    ports:
      - 4802:8080
volumes:
    vods:
      driver_opts:
        type: cifs    
        device: //192.168.1.3/Twitch/TwitchDownloader/vods
        o: "username=*******,password=**********,vers=3.0,file_mode=0777,dir_mode=0777,addr=192.168.1.3,rw"

[Zibbp]

Everything regarding the URL env vars looks OK. The frontend container does need to be able to access https://api.witch.tools as it does some server side rendering alongside the client side rendering. Can you exec into the frontend container and ensure it's able to curl and get a response from https://api.witch.tools?

[Witchness]

In fact, you're right. I got the cloudflare captcha entry page through curl. I turned off this check in the cloudflare site settings and the error disappeared 🎉

BUT there is another problem, I can't log in. It show this error when I try to sign in. When registering, an account is created, but after refreshing the page authorization disappears and I cannot log in again😭

[Zibbp]

Try setting the COOKIE_DOMAIN var to COOKIE_DOMAIN=witch.tools

[Witchness]

Wow, that actually helped.. Thank you so much for your help