Unknown error: Load failed when logging in or signing up from a reverse proxy

[buresdv]

I just spun up Huly and put the frontend behind reverse proxy. I forwarded myIP:8087 (default for the frontend) to dash.mydomain.org. This domain, along with all of its subdomains, have a properly-configured and functioning SSL.

Now, when I try to log in or create a new account through the domain, I get the error Unknown error: Load failed. This does not happen if I access Huly directly through myIP:8087.

No errors are logged into any of the containers, but the console does show this error:
Fetch API cannot load http://myIP:3000/ due to access control checks.

I have not changed anything in the Compose file, apart from changing the port of minio to 9003 due to another service already running on that port.

Can this be solved in a manner that would maintain security, and without having to expose the account service?

[aonnikov]

I believe the problem is that you exposed only the front service. Huly requires not only front, but several more services to be accessible - transactor, account, collaborator.

[buresdv]

Doesn't that sound like a huge security issue? Is it really necessary to expose anything but the frontend?

[aonnikov]

That probably does, but now we have an example of configuration that exposes only the frontend. You can check it out here: https://github.com/hcengineering/huly-selfhost/tree/main/nginx