From 55415ba968c401ed9d2782aff8a63fd93fe2837c Mon Sep 17 00:00:00 2001
From: Arne Moerman <info@arnemoerman.be>
Date: Sun, 17 May 2026 22:06:16 +0200
Subject: [PATCH] Add PublicUrl support for reverse proxy handling

Introduced a `PUBLIC_URL` environment variable to configure the
public URL for OAuth callbacks and reverse proxy scenarios. Updated
`Program.cs` to rewrite request scheme and host based on `PublicUrl`.
Replaced `Microsoft.AspNetCore.Components.Authorization` with
`Microsoft.AspNetCore.Components.Authentication`. Added `PublicUrl`
to `appsettings.json` with a default empty value.
---
 deploy/portainer-stack.env.example |  3 +++
 deploy/portainer-stack.yml         |  1 +
 src/BirthList.Web/Program.cs       | 22 ++++++++++++++++++----
 src/BirthList.Web/appsettings.json |  3 ++-
 4 files changed, 24 insertions(+), 5 deletions(-)

diff --git a/deploy/portainer-stack.env.example b/deploy/portainer-stack.env.example
index 12d6604..e84eba7 100644
--- a/deploy/portainer-stack.env.example
+++ b/deploy/portainer-stack.env.example
@@ -1,6 +1,9 @@
 # Required for SQL Server container and app DB connection
 SA_PASSWORD=ChangeThisToAStrongPassword123!
 
+# Public URL of the site (used to fix OAuth callbacks behind a reverse proxy)
+PUBLIC_URL=https://yourdomain.example.com
+
 # Optional OAuth (leave empty to disable provider at runtime)
 GOOGLE_CLIENT_ID=
 GOOGLE_CLIENT_SECRET=
diff --git a/deploy/portainer-stack.yml b/deploy/portainer-stack.yml
index a108b5c..9090746 100644
--- a/deploy/portainer-stack.yml
+++ b/deploy/portainer-stack.yml
@@ -22,6 +22,7 @@ services:
       - Smtp__Password=${SMTP_PASSWORD}
       - Smtp__FromAddress=${SMTP_FROM_ADDRESS}
       - Smtp__FromName=${SMTP_FROM_NAME}
+      - PublicUrl=${PUBLIC_URL}
     depends_on:
       - mssql
     networks:
diff --git a/src/BirthList.Web/Program.cs b/src/BirthList.Web/Program.cs
index 9c267c0..48c5e84 100644
--- a/src/BirthList.Web/Program.cs
+++ b/src/BirthList.Web/Program.cs
@@ -1,6 +1,10 @@
+using System.Data;
 using BirthList.Infrastructure.Persistence;
 using BirthList.Web.Authorization;
+using BirthList.Web.Components;
+using BirthList.Web.Components.Account;
 using BirthList.Web.Configuration;
+using BirthList.Web.Data;
 using BirthList.Web.Features.Registries;
 using BirthList.Web.Services;
 using Microsoft.AspNetCore.Components.Authorization;
@@ -9,10 +13,6 @@ using Microsoft.AspNetCore.Identity;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.EntityFrameworkCore.Infrastructure;
 using Microsoft.EntityFrameworkCore.Storage;
-using BirthList.Web.Components;
-using BirthList.Web.Components.Account;
-using BirthList.Web.Data;
-using System.Data;
 
 var builder = WebApplication.CreateBuilder(args);
 
@@ -159,6 +159,20 @@ else
 }
 
 app.UseForwardedHeaders();
+
+var publicUrl = app.Configuration["PublicUrl"];
+if (!string.IsNullOrWhiteSpace(publicUrl) && Uri.TryCreate(publicUrl, UriKind.Absolute, out var publicUri))
+{
+    app.Use(async (context, next) =>
+    {
+        context.Request.Scheme = publicUri.Scheme;
+        context.Request.Host = publicUri.IsDefaultPort
+            ? new Microsoft.AspNetCore.Http.HostString(publicUri.Host)
+            : new Microsoft.AspNetCore.Http.HostString(publicUri.Host, publicUri.Port);
+        await next();
+    });
+}
+
 app.UseHttpsRedirection();
 
 app.UseStaticFiles();
diff --git a/src/BirthList.Web/appsettings.json b/src/BirthList.Web/appsettings.json
index 45645ce..6eb8155 100644
--- a/src/BirthList.Web/appsettings.json
+++ b/src/BirthList.Web/appsettings.json
@@ -38,5 +38,6 @@
       "Microsoft.AspNetCore": "Warning"
     }
   },
-  "AllowedHosts": "*"
+  "AllowedHosts": "*",
+  "PublicUrl": ""
 }