build: correctly configure CORS for S3 and Electric services

deploy/compose.development.yaml

@@ -80,12 +80,19 @@ x-proxy-env: &proxy-env # General
   # We need this to allow for client-side routing in the SPA (from index.html)
   dev.fmtm.hotosm.org_ERRORS: 404=/index.html
   mapper.dev.fmtm.hotosm.org_ERRORS: 404=/index.html
+  # CORS for the backend is configured by FastAPI
   api.dev.fmtm.hotosm.org_REVERSE_PROXY_HOST: http://api:8000
   api.dev.fmtm.hotosm.org_MAX_CLIENT_SIZE: 1G
   s3.dev.fmtm.hotosm.org_REVERSE_PROXY_HOST: http://s3:9000
   s3.dev.fmtm.hotosm.org_MAX_CLIENT_SIZE: 10G
+  # CORS must be enabled for Minio to work
+  s3.dev.fmtm.hotosm.org_USE_CORS: yes
+  # s3.dev.fmtm.hotosm.org_CORS_ALLOW_ORIGIN: "*" # default
   sync.dev.fmtm.hotosm.org_REVERSE_PROXY_HOST: http://electric:3000
   sync.dev.fmtm.hotosm.org_MAX_CLIENT_SIZE: 1G
+  # CORS must be enabled for Electric to work
+  sync.dev.fmtm.hotosm.org_USE_CORS: yes
+  sync.dev.fmtm.hotosm.org_CORS_ALLOW_ORIGIN: https://dev.fmtm.hotosm.org
   odk.dev.fmtm.hotosm.org_REVERSE_PROXY_HOST: http://central:8383
   odk.dev.fmtm.hotosm.org_REVERSE_PROXY_URL: ~ ^/v\d
   # buffer requests, but not responses, so streaming out works

deploy/compose.main.yaml

@@ -72,16 +72,22 @@ x-proxy-env: &proxy-env # General
   EMAIL_LETS_ENCRYPT: ${CERT_EMAIL}
   # USE_LETS_ENCRYPT_STAGING: yes
   # Reverse proxy configs
-  SERVER_NAME: dev.fmtm.hotosm.org mapper.fmtm.hotosm.org api.fmtm.hotosm.org s3.fmtm.hotosm.org sync.fmtm.hotosm.org odk.fmtm.hotosm.org
+  SERVER_NAME: fmtm.hotosm.org mapper.fmtm.hotosm.org api.fmtm.hotosm.org s3.fmtm.hotosm.org sync.fmtm.hotosm.org odk.fmtm.hotosm.org
   # We need this to allow for client-side routing in the SPA (from index.html)
   fmtm.hotosm.org_ERRORS: 404=/index.html
   mapper.fmtm.hotosm.org_ERRORS: 404=/index.html
   api.fmtm.hotosm.org_REVERSE_PROXY_HOST: http://api:8000
   api.fmtm.hotosm.org_MAX_CLIENT_SIZE: 1G
   s3.fmtm.hotosm.org_REVERSE_PROXY_HOST: http://s3:9000
   s3.fmtm.hotosm.org_MAX_CLIENT_SIZE: 10G
+  # CORS must be enabled for Minio to work
+  s3.fmtm.hotosm.org_USE_CORS: yes
+  # s3.fmtm.hotosm.org_CORS_ALLOW_ORIGIN: "*" # default
   sync.fmtm.hotosm.org_REVERSE_PROXY_HOST: http://electric:3000
   sync.fmtm.hotosm.org_MAX_CLIENT_SIZE: 1G
+  # CORS must be enabled for Electric to work
+  sync.fmtm.hotosm.org_USE_CORS: yes
+  sync.fmtm.hotosm.org_CORS_ALLOW_ORIGIN: https://fmtm.hotosm.org
 
 services:
   proxy:
@@ -93,8 +99,8 @@ services:
     volumes:
       # - certs:/etc/letsencrypt
       - certs:/data
-      - fmtm_frontend:/var/www/html/dev.fmtm.hotosm.org:ro
-      - fmtm_mapper_frontend:/var/www/html/mapper.dev.fmtm.hotosm.org:ro
+      - fmtm_frontend:/var/www/html/fmtm.hotosm.org:ro
+      - fmtm_mapper_frontend:/var/www/html/mapper.fmtm.hotosm.org:ro
     environment: *proxy-env
     ports:
       - 80:8080
@@ -105,7 +111,7 @@ services:
 
   proxy-setup:
     extends:
-      file: compose.development.yaml
+      file: compose.staging.yaml
       service: proxy-setup
     # Override the environment variables
     environment: *proxy-env

deploy/compose.staging.yaml

@@ -84,8 +84,14 @@ x-proxy-env: &proxy-env # General
   api.stage.fmtm.hotosm.org_MAX_CLIENT_SIZE: 1G
   s3.stage.fmtm.hotosm.org_REVERSE_PROXY_HOST: http://s3:9000
   s3.stage.fmtm.hotosm.org_MAX_CLIENT_SIZE: 10G
+  # CORS must be enabled for Minio to work
+  s3.stage.fmtm.hotosm.org_USE_CORS: yes
+  # s3.stage.fmtm.hotosm.org_CORS_ALLOW_ORIGIN: "*" # default
   sync.stage.fmtm.hotosm.org_REVERSE_PROXY_HOST: http://electric:3000
   sync.stage.fmtm.hotosm.org_MAX_CLIENT_SIZE: 1G
+  # CORS must be enabled for Electric to work
+  sync.stage.fmtm.hotosm.org_USE_CORS: yes
+  sync.stage.fmtm.hotosm.org_CORS_ALLOW_ORIGIN: https://stage.fmtm.hotosm.org
   odk.stage.fmtm.hotosm.org_REVERSE_PROXY_HOST: http://central:8383
   odk.stage.fmtm.hotosm.org_REVERSE_PROXY_URL: ~ ^/v\d
   # buffer requests, but not responses, so streaming out works