91b859746b
Root cause: docker-compose.yml hardcoded NEXT_PUBLIC_NOTES_API_URL to https://api.bytelyst.com/notelett — a production URL that doesn't exist on this network — as the *build arg* for the web image. The docker-compose.override.yml correctly set localhost:4016/api but only on the runtime environment, which has no effect because NEXT_PUBLIC_* values are baked into the Next.js bundle at build time (pnpm run build inside the Dockerfile), not read at runtime. Symptom: every authenticated client-side fetch from the deployed web container went to https://api.bytelyst.com/notelett/... which the corporate proxy intercepted with a blockpage. The saved-views client in particular fired on every (app)/ layout mount, surfacing a 'Failed to fetch' toast on dashboard load. 4 release-flows.spec tests failed because page.route('**/api/**') couldn't match the api.bytelyst.com URLs at all. Discovery: inspected the deployed bundle inside the running container. 'grep -oE "api.bytelyst.com" /app/web/web/.next/static/chunks/*.js' returned multiple hits across the (app)/ layout, (auth)/ pages, and share page. The string was absent from the source tree, which proved it had been injected at build time via the broken arg default. Discovery debug pattern (kept for future use): page.on('requestfailed', r => console.log(r.method(), r.url())); page.route('**/api/**', route => route.fulfill({status:200,body:'{}'})); await page.goto('/dashboard'); // FAILED REQUESTS will list any URL not under /api/** that the SPA // attempted, exposing baked-in production URLs immediately. Fix (three layers, defense in depth): 1. docker-compose.yml — replace hardcoded 'NEXT_PUBLIC_NOTES_API_URL: https://api.bytelyst.com/notelett' in the build.args block with '${NEXT_PUBLIC_NOTES_API_URL:-http://localhost:4016/api}'. Same treatment for the runtime environment block. Add build args for the four other NEXT_PUBLIC_* values (extraction, MCP, diagnostics, product name/id, telemetry transport) so a single env var on the host controls both build and runtime layers. 2. web/Dockerfile — declare ARG and ENV lines for all seven NEXT_PUBLIC_* values so the build args reach 'pnpm run build'. Previously only NOTES_API_URL and PLATFORM_SERVICE_URL were declared, which meant overriding extraction/MCP/diagnostics via docker compose silently had no effect on the bundle. 3. docker-compose.override.yml — add a build.args block mirroring the four URL overrides so the local-only override also reaches build time, not just runtime. Comment block explains the bake-time vs runtime distinction so future contributors don't repeat the bug. Verified end-to-end after the fix: - docker compose build --no-cache web + up -d → grep of bundle now shows 'localhost:4016/api', api.bytelyst.com fully gone. - Debug interception test: zero requestfailed events on /dashboard. - Playwright release-flows.spec.ts: 4 failed → 4 passed (after URL fix; no test code changed for these four tests). - Full Playwright suite (--ignore-snapshots): 43 passed. - scripts/e2e-docker-test.sh: 9/9 backend API lifecycle steps pass. - pnpm run verify: backend 380/380, web 96/96, mobile 97/97.
52 lines
2.1 KiB
YAML
52 lines
2.1 KiB
YAML
# Local override for `docker compose up` on this host.
|
|
#
|
|
# Why this exists:
|
|
# docker-compose.yml maps the web container to host port 3000, but
|
|
# port 3000 on this host is already occupied (Grafana). This file
|
|
# remaps web to host port 3050 and backend stays on 4016. The backend
|
|
# is configured to point at the sibling platform/extraction/mcp
|
|
# services already running on the host network.
|
|
#
|
|
# Bring up:
|
|
# docker compose up -d
|
|
# URLs:
|
|
# Web: http://localhost:3050
|
|
# Backend: http://localhost:4016
|
|
# Health: http://localhost:4016/health
|
|
# Bring down:
|
|
# docker compose down
|
|
|
|
services:
|
|
backend:
|
|
extra_hosts:
|
|
- "host.docker.internal:host-gateway"
|
|
environment:
|
|
CORS_ORIGIN: "http://localhost:3050"
|
|
PLATFORM_SERVICE_URL: "http://host.docker.internal:4003"
|
|
EXTRACTION_SERVICE_URL: "http://host.docker.internal:4005"
|
|
MCP_SERVER_URL: "http://host.docker.internal:4007"
|
|
DB_PROVIDER: memory
|
|
# MUST match the JWT_SECRET used by the sibling platform-service so
|
|
# tokens platform issues are accepted by NoteLett backend. The
|
|
# platform-service in this dev compose stack uses the value below.
|
|
JWT_SECRET: "dev-ecosystem-secret-do-not-use-in-production"
|
|
|
|
web:
|
|
ports: !override
|
|
- "3050:3045"
|
|
# NEXT_PUBLIC_* values are baked into the Next.js bundle at build
|
|
# time. They MUST be set as build args so `pnpm run build` inside
|
|
# the Dockerfile picks them up. Runtime `environment:` alone has no
|
|
# effect on the already-bundled client code.
|
|
build:
|
|
args:
|
|
NEXT_PUBLIC_NOTES_API_URL: "http://localhost:4016/api"
|
|
NEXT_PUBLIC_PLATFORM_SERVICE_URL: "http://localhost:4003/api"
|
|
NEXT_PUBLIC_EXTRACTION_SERVICE_URL: "http://localhost:4005"
|
|
NEXT_PUBLIC_MCP_SERVER_URL: "http://localhost:4007/api"
|
|
environment:
|
|
NEXT_PUBLIC_NOTES_API_URL: "http://localhost:4016/api"
|
|
NEXT_PUBLIC_PLATFORM_SERVICE_URL: "http://localhost:4003/api"
|
|
NEXT_PUBLIC_EXTRACTION_SERVICE_URL: "http://localhost:4005"
|
|
NEXT_PUBLIC_MCP_SERVER_URL: "http://localhost:4007/api"
|