Update maxun-install.sh

install/maxun-install.sh

@@ -15,7 +15,6 @@ update_os
 
 msg_info "Installing Dependencies"
 $STD apt-get install -y \
-    gpg \
   openssl \
   redis \
   libgbm1 \
@@ -42,8 +41,6 @@ $STD apt-get install -y \
   nginx
 msg_ok "Installed Dependencies"
 
-#configure_lxc "Semantic Search requires a dedicated GPU and at least 16GB RAM. Would you like to install it?" 100 "memory" "16000"
-
 PG_VERSION=17 setup_postgresql
 NODE_VERSION="22" setup_nodejs
 
@@ -56,6 +53,7 @@ MINIO_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | cut -c1-13)
 JWT_SECRET=$(openssl rand -base64 32 | tr -dc 'a-zA-Z0-9' | cut -c1-32)
 ENCRYPTION_KEY=$(openssl rand -base64 32 | tr -dc 'a-zA-Z0-9' | cut -c1-32)
 LOCAL_IP=$(hostname -I | awk '{print $1}')
+SESSION_SECRET=$(openssl rand -base64 32 | tr -dc 'a-zA-Z0-9' | cut -c1-32)
 msg_ok "Set up Variables"
 
 msg_info "Setup Database"
@@ -71,6 +69,7 @@ $STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET timezone TO 'UTC'"
   echo "Maxun Database Name: $DB_NAME"
   echo "Maxun JWT Secret: $JWT_SECRET"
   echo "Maxun Encryption Key: $ENCRYPTION_KEY"
+  echo "Maxun Session Secret: $SESSION_SECRET"
 } >>~/maxun.creds
 msg_ok "Set up Database"
 
@@ -110,8 +109,9 @@ EOF
 systemctl enable -q --now minio
 msg_ok "Setup MinIO"
 
-msg_info "Installing Maxun (Patience)"
 fetch_and_deploy_gh_release "maxun" "getmaxun/maxun" "source"
+
+msg_info "Installing Maxun (Patience)"
 cat <<EOF >/opt/maxun/.env
 NODE_ENV=development
 JWT_SECRET=${JWT_SECRET}
@@ -137,6 +137,7 @@ VITE_BACKEND_URL=http://${LOCAL_IP}:8080
 VITE_PUBLIC_URL=http://${LOCAL_IP}:5173
 
 MAXUN_TELEMETRY=false
+SESSION_SECRET=${SESSION_SECRET}
 EOF
 
 cat <<'EOF' >/usr/local/bin/update-env-ip.sh
@@ -162,19 +163,27 @@ msg_info "Setting up nginx with CORS Proxy"
 cat <<'EOF' >/etc/nginx/sites-available/maxun
 server {
     listen 80;
+    server_name _;
 
-    location / {
+    # Frontend ausliefern
     root /usr/share/nginx/html;
+    index index.html;
+    location / {
         try_files $uri $uri/ /index.html;
     }
 
-    location ~ ^/(api|record|workflow|storage|auth|integration|proxy|api-docs) {
+    # Backend Proxy
-        proxy_pass http://localhost:8080;
+    location ~ ^/(auth|storage|record|workflow|robot|proxy|api-docs|api|webhook)(/|$) {
-        proxy_set_header Host $host;
+        proxy_pass http://127.0.0.1:8080;
+        proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection 'upgrade';
-        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
 
+        # CORS
         add_header Access-Control-Allow-Origin "$http_origin" always;
         add_header Access-Control-Allow-Credentials true always;
         add_header Access-Control-Allow-Methods GET,POST,PUT,DELETE,OPTIONS always;
@@ -193,7 +202,6 @@ server {
     }
 }
 EOF
-
 ln -sf /etc/nginx/sites-available/maxun /etc/nginx/sites-enabled/maxun
 rm -f /etc/nginx/sites-enabled/default
 msg_ok "nginx with CORS Proxy set up"