fix: nginx API proxy rewrite + ESM require() errors

smashingtags · claude · smashingtags · commit e2536e58aed1 · 2026-03-20T02:24:20.000-04:00
- nginx.conf: add rewrite ^/api/(.*) /$1 to strip /api/ prefix before
  proxying to backend (backend routes are /applications not /api/applications)
- auth.js: replace require('crypto') with ESM import (fixes crash in ES module)
- index.js: import spawn from child_process at top level, remove inline require()

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/nginx.conf b/nginx.conf
@@ -36,10 +36,11 @@ server {
     }
     
     # API proxy to backend container
-    # Use variable so nginx starts even if backend isn't ready yet
-    location /api {
+    # Strips /api/ prefix — backend routes are /applications, /auth/login, etc.
+    location /api/ {
         resolver 127.0.0.11 valid=10s ipv6=off;
         set $backend http://homelabarr-backend:8092;
+        rewrite ^/api/(.*) /$1 break;
         proxy_pass $backend;
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
diff --git a/server/auth.js b/server/auth.js
@@ -1,10 +1,11 @@
 import jwt from 'jsonwebtoken';
 import bcrypt from 'bcryptjs';
+import crypto from 'crypto';
 import fs from 'fs';
 import path from 'path';
 
 // Configuration
-const JWT_SECRET = process.env.JWT_SECRET || require('crypto').randomBytes(32).toString('hex');
+const JWT_SECRET = process.env.JWT_SECRET || crypto.randomBytes(32).toString('hex');
 const JWT_EXPIRES_IN = process.env.JWT_EXPIRES_IN || '24h';
 const USERS_FILE = path.join(process.cwd(), 'server', 'config', 'users.json');
 
diff --git a/server/index.js b/server/index.js
@@ -7,7 +7,7 @@ import path from 'path';
 import helmet from 'helmet';
 import os from 'os';
 import { chmodSync } from 'fs';
-import { execSync } from 'child_process';
+import { execSync, spawn } from 'child_process';
 import { promisify } from 'util';
 import {
   initializeAuth,
@@ -3518,7 +3518,7 @@ app.post('/deploy', authEnabled ? requireAuth : optionalAuth, async (req, res) =
       logger.info('🐳 Using direct Docker CLI deployment for it-tools MVP');
       
       try {
-        const { spawn } = require('child_process');
+        // spawn imported at top of file via ESM import
         
         const containerName = `homelabarr-${appId}-${Date.now()}`;
         const port = config.port || '8080';
@@ -3622,7 +3622,7 @@ app.post('/deploy', authEnabled ? requireAuth : optionalAuth, async (req, res) =
     
     // For MVP, create a simple container deployment using docker CLI
     try {
-      const { spawn } = require('child_process');
+      // spawn imported at top of file via ESM import
       
       // Basic it-tools container deployment
       if (appId === 'it-tools') {
