Separate frontend app API from backend API in production
This commit is contained in:
@ -11,7 +11,7 @@ WEBHOOK_VERIFY_TOKEN=replace-with-32-plus-char-random-token
|
||||
WEBHOOK_SHARED_SECRET=replace-with-32-plus-char-random-secret
|
||||
META_WEBHOOK_APP_SECRET=
|
||||
WEBHOOK_ALLOW_UNSIGNED=false
|
||||
NEXT_PUBLIC_API_URL=http://localhost:3001/api
|
||||
NEXT_PUBLIC_API_URL=http://localhost:3000/backend-api
|
||||
MAIL_HOST=mail.example.com
|
||||
MAIL_PORT=465
|
||||
MAIL_SECURE=true
|
||||
|
||||
@ -11,7 +11,7 @@ Panduan ini menyiapkan `bizone-web` di server Debian 12 kosong dengan topologi b
|
||||
## URL Production Final
|
||||
|
||||
- Aplikasi: `https://portal.bizone.id`
|
||||
- Backend API public base URL: `https://portal.bizone.id/api`
|
||||
- Backend API browser/server base URL via reverse proxy: `https://portal.bizone.id/backend-api`
|
||||
- Health check backend: `https://portal.bizone.id/api/health`
|
||||
- Webhook verify URL Meta: `https://portal.bizone.id/api/webhooks/whatsapp`
|
||||
- Webhook event URL Meta: `https://portal.bizone.id/api/webhooks/whatsapp`
|
||||
@ -26,6 +26,8 @@ Untuk integrasi Meta, gunakan URL default berikut:
|
||||
Catatan penting:
|
||||
|
||||
- Route backend memakai global prefix `/api`, jadi endpoint controller `GET /webhooks/whatsapp` menjadi `GET /api/webhooks/whatsapp`.
|
||||
- Di production, `nginx` mengekspos backend internal aplikasi lewat prefix `https://portal.bizone.id/backend-api`.
|
||||
- Prefix `/api/*` di browser dipakai oleh route handler Next.js untuk operasi dashboard seperti save contact, save user, export, dan aksi client-side lain.
|
||||
- Jika Anda ingin verifikasi tanda tangan resmi dari Meta, isi `META_WEBHOOK_APP_SECRET`.
|
||||
- Bila `META_WEBHOOK_APP_SECRET` terisi, request ke `POST /api/webhooks/whatsapp/meta` menuntut header `x-hub-signature-256`.
|
||||
- Endpoint `POST /api/webhooks/whatsapp` tetap bisa dipakai untuk Meta bila Anda memilih verify token + shared secret non-Meta untuk test lain, tetapi untuk produksi Meta lebih aman menargetkan URL default callback dan menyimpan `META_WEBHOOK_APP_SECRET`.
|
||||
@ -237,6 +239,7 @@ Uji HTTP lokal:
|
||||
```bash
|
||||
curl -I http://portal.bizone.id
|
||||
curl http://portal.bizone.id/api/health
|
||||
curl http://portal.bizone.id/backend-api/health
|
||||
```
|
||||
|
||||
## 10. Aktifkan HTTPS
|
||||
@ -250,6 +253,7 @@ Setelah cert aktif, uji:
|
||||
```bash
|
||||
curl -I https://portal.bizone.id
|
||||
curl https://portal.bizone.id/api/health
|
||||
curl https://portal.bizone.id/backend-api/health
|
||||
```
|
||||
|
||||
Respons health ideal:
|
||||
@ -331,3 +335,12 @@ sudo systemctl is-active bizone-backend
|
||||
sudo systemctl is-active bizone-frontend
|
||||
docker compose -f /srv/bizone-web/deploy/debian12/docker-compose.infra.yml ps
|
||||
```
|
||||
##+Q&xN$86LbSA<av<
|
||||
Ganti `NEXT_PUBLIC_API_URL` production menjadi:
|
||||
|
||||
```dotenv
|
||||
NEXT_PUBLIC_API_URL=https://portal.bizone.id/backend-api
|
||||
```
|
||||
|
||||
Ini penting agar frontend server-side berbicara ke backend asli, sementara browser tetap bisa memakai route handler Next.js di `/api/*`.
|
||||
|
||||
|
||||
@ -1,12 +1,12 @@
|
||||
NODE_ENV=production
|
||||
|
||||
DATABASE_URL=postgresql://bizone:change-this-postgres-password@127.0.0.1:5432/wa_dashboard
|
||||
DATABASE_URL=postgresql://bizone:%2BQ%26xN%2486LbSA%3Cav%3C@127.0.0.1:5432/wa_dashboard
|
||||
REDIS_URL=redis://127.0.0.1:6379
|
||||
|
||||
PORT=3001
|
||||
FRONTEND_ORIGIN=https://portal.bizone.id
|
||||
PUBLIC_API_URL=https://portal.bizone.id
|
||||
NEXT_PUBLIC_API_URL=https://portal.bizone.id/api
|
||||
NEXT_PUBLIC_API_URL=https://portal.bizone.id/backend-api
|
||||
|
||||
JWT_SECRET=UsmlPBa61fKDgTjUR+9sS9f5SKw3OF7X0CjGWoHibg2eF7gQO6sS57pc2Hj8XIv4
|
||||
JWT_EXPIRES_IN=1d
|
||||
|
||||
@ -5,6 +5,33 @@ server {
|
||||
|
||||
client_max_body_size 20m;
|
||||
|
||||
location = /api/health {
|
||||
proxy_pass http://127.0.0.1:3001/api/health;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
|
||||
location /api/webhooks/ {
|
||||
proxy_pass http://127.0.0.1:3001/api/webhooks/;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
|
||||
location /backend-api/ {
|
||||
proxy_pass http://127.0.0.1:3001/api/;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:3000;
|
||||
proxy_http_version 1.1;
|
||||
@ -16,12 +43,4 @@ server {
|
||||
proxy_set_header Connection "upgrade";
|
||||
}
|
||||
|
||||
location /api/ {
|
||||
proxy_pass http://127.0.0.1:3001/api/;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user