Issue: Empty array when using ChatbotUI with local Supabase #Nginx #SelfHosted #1981
Description
Issue: Empty array when using ChatbotUI with local Supabase
Description:
When using ChatbotUI with a local Supabase instance behind a reverse proxy, requests to /rest/v1/workspaces return an empty array ([]).
However, making the same request directly to the API port (e.g., 127.0.0.1:54321) returns the expected data.
Details
Local Supabase CLI: API runs on 127.0.0.1:54321.
Nginx is used as a reverse proxy with SSL.
Language prefixes like /es/ or /en/ are automatically added and can cause 404 if not properly rewritten.
The session cookie contains the correct JWT but isn’t directly used by the app.
server {
listen 80;
server_name chat.**************.com;
root /var/www/certbot;
location /.well-known/acme-challenge/ {
allow all;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
server_name chat.******************.com;
ssl_certificate /etc/letsencrypt/live/chat.***********.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/chat.*************.com/privkey.pem;
location ^~ /rest/v1/ {
proxy_pass http://127.0.0.1:54321;
proxy_set_header Authorization $http_authorization;
proxy_set_header apikey $http_apikey;
proxy_set_header Cookie $http_cookie;
proxy_set_header Accept "application/json";
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
proxy_buffering off;
}
location ~ ^/[a-z][a-z]/rest/v1/(.*)$ {
rewrite ^/[a-z][a-z]/rest/v1/(.*)$ /rest/v1/$1 break;
proxy_pass http://127.0.0.1:54321;
proxy_set_header Authorization $http_authorization;
proxy_set_header apikey $http_apikey;
proxy_set_header Cookie $http_cookie;
proxy_set_header Accept "application/json";
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
proxy_buffering off;
}
location /auth/v1/ {
proxy_pass http://127.0.0.1:54321/auth/v1/; # GoTrue local
proxy_http_version 1.1;
# Headers importantes para que Supabase detecte correctamente la request
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Soporte para cookies y CORS
proxy_set_header Accept "application/json";
proxy_set_header Origin $scheme://$host;
proxy_redirect off;
proxy_buffering off;
}
location / {
proxy_set_header Accept "application/json";
proxy_set_header Authorization $http_authorization;
proxy_set_header apikey $http_apikey;
proxy_set_header Cookie $http_cookie;
proxy_pass http://127.0.0.1:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
proxy_buffering off;
}
}
Summary:
The issue seems related to how ChatbotUI retrieves the session token and the language prefixes in the routes.
Guidance is needed to make the local API return the correct data behind a reverse proxy.
Not ChatGPT text:
Basically what happens is that I'm self hosting this app. I've setted up everything as showed in the readme. However, when I try to access the web, it loads the login, but after the login, the response from server is an empty array ([]). The app crashes. As I said, the app runs behind a nginx reverse proxy. You can check the configuration file of nginx.
Variables in .env.local:
NEXT_PUBLIC_SUPABASE_SERVER_URL=http://127.0.0.1:54321
NEXT_PUBLIC_SUPABASE_PUBLIC_URL=https://chat.mydomain.com
anon key and service role key already configured and no needed to show.
I tried to make an ssh tunnel ( ssh -L 54321:localhost:54321 myuser@myserver ) to my VPS where I host the app. I changed the env var to NEXT_PUBLIC_SUPABASE_PUBLIC_URL=http://localhost54321 and it worked! But of couse, only in the computer where I have the SSH tunnel...
I've made a reasearch and the problem seems to be because the cookie is created for the host 127.0.0.1 and not chat.mydomain.com. Then, when it authenticates to supabase, it returns empty array because my host is not authorized. I already changed the supabase/config.toml with my domain
[auth]
# The base URL of your website. Used as an allow-list for redirects and for constructing URLs used
# in emails.
site_url = "https://chat.mydomain.com"
# A list of *exact* URLs that auth providers are permitted to redirect to post authentication.
additional_redirect_urls = ["https://localhost:3000", "https://chat.mydomain.com"]
# How long tokens are valid for, in seconds. Defaults to 3600 (1 hour), maximum 604,800 (1 week).
jwt_expiry = 604800
# If disabled, the refresh token will never expire.
enable_refresh_token_rotation = true
# Allows refresh tokens to be reused after expiry, up to the specified interval in seconds.
# Requires enable_refresh_token_rotation = true.
refresh_token_reuse_interval = 10
# Allow/disallow new user signups to your project.
enable_signup = true
I need some guidance on how to make the reverse proxy with chatbotui work. Thank you very much for reading.