From f9c80c375a585d1ef2fc2a8bf976a100a08fc405 Mon Sep 17 00:00:00 2001
From: richardtekula <barspin4499@gmail.com>
Date: Tue, 11 Nov 2025 16:41:43 +0100
Subject: [PATCH] Fix: Disable TrustedHostMiddleware behind Traefik proxy

  TrustedHostMiddleware was blocking localhost healthchecks from Traefik,
  causing 400 Bad Request errors. When behind a reverse proxy like
  Traefik/Coolify, host validation is handled by the proxy itself.
---
 ebook_backend&admin_panel/admin-backend/main.py | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/ebook_backend&admin_panel/admin-backend/main.py b/ebook_backend&admin_panel/admin-backend/main.py
index 6e6cd1e..9c2d2b2 100644
--- a/ebook_backend&admin_panel/admin-backend/main.py
+++ b/ebook_backend&admin_panel/admin-backend/main.py
@@ -100,12 +100,14 @@ app.mount("/static", StaticFiles(directory=ADMIN_PANEL_DIR), name="static")
 templates = Jinja2Templates(directory=ADMIN_PANEL_DIR)
 
 # Add middleware for production readiness
-if AppConfig.ENVIRONMENT == "production":
-    # Trusted host middleware for production security
-    app.add_middleware(
-        TrustedHostMiddleware,
-        allowed_hosts=AppConfig.TRUSTED_HOSTS
-    )
+# NOTE: TrustedHostMiddleware disabled when behind reverse proxy (Traefik/Coolify)
+# The reverse proxy handles host validation
+# if AppConfig.ENVIRONMENT == "production":
+#     # Trusted host middleware for production security
+#     app.add_middleware(
+#         TrustedHostMiddleware,
+#         allowed_hosts=AppConfig.TRUSTED_HOSTS
+#     )
 
 # CORS middleware for cross-origin requests
 app.add_middleware(