From f8830a8b0f546c95ca75bb94de716413030e17b4 Mon Sep 17 00:00:00 2001
From: Zimeng Xiong <zxzimeng@gmail.com>
Date: Mon, 1 Dec 2025 13:27:31 -0800
Subject: [PATCH] add example in docker-compose, clarify README, add clearer
 validation, longer timeouts for websocket connections

---
 README.md                     | 12 ++++++++----
 docker-compose.yml            |  2 ++
 frontend/docker-entrypoint.sh | 11 ++++++++---
 frontend/nginx.conf.template  | 10 +++++++---
 4 files changed, 25 insertions(+), 10 deletions(-)

diff --git a/README.md b/README.md
index e692e8f..69a450b 100644
--- a/README.md
+++ b/README.md
@@ -114,19 +114,23 @@ docker compose up -d
 # Access the frontend at localhost:6767
 ```
 
-### Reverse proxy / Traefik setups
+### Reverse Proxy / Traefik Setups (Docker)
 
-When ExcaliDash runs behind Traefik, Nginx, or another reverse proxy, configure both containers so that API + WebSocket calls resolve correctly:
+When running ExcaliDash behind Traefik, Nginx, or another reverse proxy, configure both containers so that API + WebSocket calls resolve correctly:
 
-- `FRONTEND_URL` (backend) must match the public URL that users hit (e.g. `https://excalidraw.example.com`). This controls CORS and Socket.IO origin checks.
+- `FRONTEND_URL` (backend) must match the public URL that users hit (e.g. `https://excalidash.example.com`). This controls CORS and Socket.IO origin checks.
 - `BACKEND_URL` (frontend) tells the Nginx container how to reach the backend from inside Docker/Kubernetes. Override it if your reverse proxy exposes the backend under a different hostname.
 
 ```yaml
+# docker-compose.yml example
 backend:
   environment:
-    - FRONTEND_URL=https://excalidraw.example.com
+    - FRONTEND_URL=https://excalidash.example.com
 frontend:
   environment:
+    # For standard Docker Compose (default)
+    # - BACKEND_URL=backend:8000
+    # For Kubernetes, use the service DNS name:
     - BACKEND_URL=excalidash-backend.default.svc.cluster.local:8000
 ```
 
diff --git a/docker-compose.yml b/docker-compose.yml
index 70ad10f..2c76f10 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -33,6 +33,8 @@ services:
     ports:
       - "6767:80"
     environment:
+      # Backend URL for nginx proxy (host:port format, no protocol)
+      # Override for reverse proxy setups (e.g., excalidash-backend.svc.cluster.local:8000)
       - BACKEND_URL=backend:8000
     depends_on:
       - backend
diff --git a/frontend/docker-entrypoint.sh b/frontend/docker-entrypoint.sh
index 59719a3..f1ef869 100644
--- a/frontend/docker-entrypoint.sh
+++ b/frontend/docker-entrypoint.sh
@@ -1,7 +1,8 @@
 #!/bin/sh
+# Alpine-based image uses /bin/sh (busybox ash), not bash
 set -e
 
-# Set default backend URL if not provided
+# Set default backend URL if not provided (host:port format, no protocol)
 export BACKEND_URL="${BACKEND_URL:-backend:8000}"
 
 echo "Configuring nginx with BACKEND_URL: ${BACKEND_URL}"
@@ -11,7 +12,11 @@ echo "Configuring nginx with BACKEND_URL: ${BACKEND_URL}"
 envsubst '${BACKEND_URL}' < /etc/nginx/nginx.conf.template > /etc/nginx/nginx.conf
 
 # Validate the generated nginx configuration before starting
-nginx -t -c /etc/nginx/nginx.conf
+echo "Validating nginx configuration..."
+if ! nginx -t -c /etc/nginx/nginx.conf; then
+    echo "ERROR: nginx configuration validation failed" >&2
+    exit 1
+fi
 
 # Execute the main command (nginx)
-exec "$@"
\ No newline at end of file
+exec "$@"
diff --git a/frontend/nginx.conf.template b/frontend/nginx.conf.template
index 281b701..91df63c 100644
--- a/frontend/nginx.conf.template
+++ b/frontend/nginx.conf.template
@@ -27,7 +27,7 @@ http {
             proxy_pass http://${BACKEND_URL}/;
             proxy_http_version 1.1;
             proxy_set_header Upgrade $http_upgrade;
-            proxy_set_header Connection "upgrade";
+            proxy_set_header Connection 'upgrade';
             proxy_set_header Host $host;
             proxy_cache_bypass $http_upgrade;
             proxy_set_header X-Real-IP $remote_addr;
@@ -52,12 +52,16 @@ http {
             proxy_pass http://${BACKEND_URL}/socket.io/;
             proxy_http_version 1.1;
             proxy_set_header Upgrade $http_upgrade;
-            proxy_set_header Connection "upgrade";
+            proxy_set_header Connection 'upgrade';
             proxy_set_header Host $host;
             proxy_cache_bypass $http_upgrade;
             proxy_set_header X-Real-IP $remote_addr;
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
             proxy_set_header X-Forwarded-Proto $scheme;
+            
+            # Longer timeouts for WebSocket connections
+            proxy_read_timeout 3600s;
+            proxy_send_timeout 3600s;
         }
 
         # Frontend routes
@@ -71,4 +75,4 @@ http {
             add_header Cache-Control "public, immutable";
         }
     }
-}
\ No newline at end of file
+}