Benjamin_Boenisch/breakpilot-core
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(pitch-deck): HTTPS via Nginx reverse proxy on port 3012
Some checks failed
Build pitch-deck / build-and-push (push) Failing after 56s
Details
CI / go-lint (push) Has been skipped
Details
CI / python-lint (push) Has been skipped
Details
CI / nodejs-lint (push) Has been skipped
Details
CI / test-go-consent (push) Successful in 32s
Details
CI / test-python-voice (push) Successful in 33s
Details
CI / test-bqas (push) Successful in 33s
Details
CI / Deploy (push) Failing after 4s
Details

Browse Source 
- Add Nginx SSL server block for pitch-deck on port 3012
- Route through Nginx instead of direct container port
- Restore secure cookie flag (requires HTTPS)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Benjamin Admin
2026-04-13 17:13:52 +02:00
parent 32b5e0223d
commit 512088ab93
3 changed files with 34 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
docker-compose.yml
View File

@@ -61,6 +61,7 @@ services:
- "3008:3008" # Admin Core - "3008:3008" # Admin Core
- "3010:3010" # Portal Dashboard - "3010:3010" # Portal Dashboard
- "8011:8011" # Compliance Docs (MkDocs) - "8011:8011" # Compliance Docs (MkDocs)
- "3012:3012" # Pitch Deck
volumes: volumes:
- ./nginx/conf.d:/etc/nginx/conf.d:ro - ./nginx/conf.d:/etc/nginx/conf.d:ro
- vault_certs:/etc/nginx/certs:ro - vault_certs:/etc/nginx/certs:ro
@@ -873,8 +874,8 @@ services:
dockerfile: Dockerfile dockerfile: Dockerfile
container_name: bp-core-pitch-deck container_name: bp-core-pitch-deck
platform: linux/arm64 platform: linux/arm64
ports: expose:
- "3012:3000" - "3000"
environment: environment:
NODE_ENV: production NODE_ENV: production
DATABASE_URL: postgres://${POSTGRES_USER:-breakpilot}:${POSTGRES_PASSWORD:-breakpilot123}@postgres:5432/${POSTGRES_DB:-breakpilot_db} DATABASE_URL: postgres://${POSTGRES_USER:-breakpilot}:${POSTGRES_PASSWORD:-breakpilot123}@postgres:5432/${POSTGRES_DB:-breakpilot_db}

30
nginx/conf.d/default.conf
View File

@@ -760,3 +760,33 @@ server {
try_files $uri $uri/ /index.html; try_files $uri $uri/ /index.html;
} }
} }
# =========================================================
# PITCH DECK: Investor Presentation on port 3012
# =========================================================
server {
listen 3012 ssl;
http2 on;
server_name macmini localhost;
ssl_certificate /etc/nginx/certs/macmini.crt;
ssl_certificate_key /etc/nginx/certs/macmini.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
ssl_prefer_server_ciphers off;
location / {
set $upstream_pitch bp-core-pitch-deck:3000;
proxy_pass http://$upstream_pitch;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_read_timeout 300s;
proxy_connect_timeout 60s;
proxy_send_timeout 300s;
}
}

2
pitch-deck/lib/admin-auth.ts
View File

@@ -112,7 +112,7 @@ export async function setAdminCookie(jwt: string): Promise<void> {
const cookieStore = await cookies() const cookieStore = await cookies()
cookieStore.set(ADMIN_COOKIE_NAME, jwt, { cookieStore.set(ADMIN_COOKIE_NAME, jwt, {
httpOnly: true, httpOnly: true,
secure: process.env.PITCH_SECURE_COOKIE === 'true', secure: process.env.NODE_ENV === 'production',
sameSite: 'lax', sameSite: 'lax',
path: '/', path: '/',
maxAge: ADMIN_SESSION_EXPIRY_HOURS * 60 * 60, maxAge: ADMIN_SESSION_EXPIRY_HOURS * 60 * 60,