Fix Mixed Content on file uploads: presigned URLs now use public domain

The backend was generating presigned S3 URLs pointing to the internal MinIO endpoint (http://minio:9000), which browsers block on HTTPS pages. - Add a second S3 client in upload.service.ts configured with FRONTEND_URL for generating browser-facing presigned URLs (both upload and download) - Add nginx proxy location for /indeedhub-private/ and /indeedhub-public/ paths that forwards to MinIO without rewriting (preserves S3v4 signatures) - Keep internal S3 client for server-side operations (copy, delete, etc.) Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-13 20:30:49 +00:00
parent abb83fe164
commit fc20c625fa
3 changed files with 55 additions and 11 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -20,7 +20,7 @@ services:
      context: .
      dockerfile: Dockerfile
      args:
-        CACHEBUST: "8"
+        CACHEBUST: "9"
        VITE_USE_MOCK_DATA: "false"
        VITE_CONTENT_ORIGIN: ${FRONTEND_URL}
        VITE_INDEEHUB_API_URL: /api
@@ -47,7 +47,7 @@ services:
      context: ./backend
      dockerfile: Dockerfile
      args:
-        CACHEBUST: "8"
+        CACHEBUST: "9"
    restart: unless-stopped
    environment:
      # ── Core ─────────────────────────────────────────────
@@ -179,7 +179,7 @@ services:
      context: ./backend
      dockerfile: Dockerfile.ffmpeg
      args:
-        CACHEBUST: "8"
+        CACHEBUST: "9"
    restart: unless-stopped
    environment:
      ENVIRONMENT: production