wip

API/ROLAC.API/Program.cs

@@ -1,6 +1,7 @@
 using System.Text;
 using System.Text.Json;
 using System.Security.Claims;
+using Microsoft.AspNetCore.HttpOverrides;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.EntityFrameworkCore;
@@ -143,6 +144,7 @@ builder.Services
         opt.JsonSerializerOptions.Converters.Add(new TolerantDateOnlyConverter());
     });
 builder.Services.AddEndpointsApiExplorer();
+builder.Services.AddHealthChecks();
 builder.Services.AddSwaggerGen(opt =>
 {
     opt.SwaggerDoc("v1", new() { Title = "ROLAC API", Version = "v1" });
@@ -171,6 +173,12 @@ builder.Services.AddSwaggerGen(opt =>
 // ---------------------------------------------------------------------------
 var app = builder.Build();
 
+// Behind a TLS-terminating reverse proxy (nginx), honour the original scheme/client IP.
+app.UseForwardedHeaders(new ForwardedHeadersOptions
+{
+    ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
+});
+
 // Apply migrations + seed on startup
 using (var scope = app.Services.CreateScope())
 {
@@ -185,10 +193,16 @@ if (app.Environment.IsDevelopment())
     app.UseSwaggerUI();
 }
 
-app.UseHttpsRedirection();
+// TLS is terminated by nginx in production; only redirect in local dev.
+if (app.Environment.IsDevelopment())
+{
+    app.UseHttpsRedirection();
+}
+
 app.UseCors("Angular");
 app.UseAuthentication();
 app.UseAuthorization();
 app.MapControllers();
+app.MapHealthChecks("/health");
 
 app.Run();