From 4bd31b0728f4a5ddb7218eb14f44de332eb33687 Mon Sep 17 00:00:00 2001
From: Kenji M <kenji@kenjim.com>
Date: Fri, 19 Jun 2026 16:12:14 +0000
Subject: [PATCH] Fix contact form: use host networking to reach Proton Bridge
 SMTP

Both containers now run in network_mode: host so the API can connect
directly to Proton Bridge on 127.0.0.1:1025. The pfSense search domain
(home.arpa) was leaking into Docker DNS and causing NXDOMAIN failures
for inter-container hostnames. Host networking bypasses this entirely.

- docker-compose: both services use network_mode: host
- nginx: listen on 8080 (was 80), proxy /api/ to 127.0.0.1:3001
- server.js: allow self-signed TLS cert from Proton Bridge

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 backend/server.js   |  1 +
 docker-compose.yml  |  4 ++--
 frontend/nginx.conf | 11 ++++-------
 3 files changed, 7 insertions(+), 9 deletions(-)

diff --git a/backend/server.js b/backend/server.js
index e645e77..5b55917 100644
--- a/backend/server.js
+++ b/backend/server.js
@@ -14,6 +14,7 @@ const transporter = nodemailer.createTransport({
     user: process.env.SMTP_USER,
     pass: process.env.SMTP_PASS,
   },
+  tls: { rejectUnauthorized: false },
 })
 
 app.post('/contact', async (req, res) => {
diff --git a/docker-compose.yml b/docker-compose.yml
index a5937f1..f852cd8 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -2,8 +2,7 @@ services:
   frontend:
     build: ./frontend
     container_name: www-kenjim-frontend
-    ports:
-      - "8080:80"
+    network_mode: host
     depends_on:
       - api
     restart: always
@@ -11,5 +10,6 @@ services:
   api:
     build: ./backend
     container_name: www-kenjim-api
+    network_mode: host
     env_file: .env
     restart: always
diff --git a/frontend/nginx.conf b/frontend/nginx.conf
index 4a71603..f4a775c 100644
--- a/frontend/nginx.conf
+++ b/frontend/nginx.conf
@@ -1,19 +1,16 @@
 server {
-    listen 80;
+    listen 8080;
     root /usr/share/nginx/html;
     index index.html;
 
-    # SPA routing — return index.html for all non-file routes
     location / {
         try_files $uri $uri/ /index.html;
     }
 
-    # Proxy API calls to the backend container
-    # Use Docker's internal DNS resolver so upstream resolves at request time
-    resolver 127.0.0.11 valid=10s;
-    set $api http://api:3001;
+    # Both containers share host network; api is on localhost:3001.
+    # Trailing slash strips the /api/ prefix before forwarding.
     location /api/ {
-        proxy_pass         $api/;
+        proxy_pass         http://127.0.0.1:3001/;
         proxy_set_header   Host              $host;
         proxy_set_header   X-Real-IP         $remote_addr;
         proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;