From 94b64a85d80a22b06e7ae9c218e299a983a8fb02 Mon Sep 17 00:00:00 2001
From: Ace Data Cloud Dev <dev@acedata.cloud>
Date: Tue, 5 May 2026 02:08:11 +0800
Subject: [PATCH] fix(web): proxy /health through nginx to the api pod

Caught while verifying the stack end-to-end:

  $ curl http://localhost:8080/health
  <!doctype html>...   <- SPA fallback returned the index page

The nginx config covered /api, /mcp, and /.well-known but NOT /health,
which meant any LB / ingress / curl probing /health on the web pod
got the SPA bundle and a misleading 200. Probes that compare body
shape (JSON vs HTML) catch this; probes that only look at status
code don't.

Add an exact-match `location = /health` that proxies to the api
service. Ad-hoc curl + ingress probes against the web pod now both
return the JSON status payload.
---
 web/deploy/nginx.conf | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/web/deploy/nginx.conf b/web/deploy/nginx.conf
index 6ae19b5..69614fb 100644
--- a/web/deploy/nginx.conf
+++ b/web/deploy/nginx.conf
@@ -49,6 +49,14 @@ server {
         proxy_pass http://api:8000;
     }
 
+    # Operational health probe — reaches the api liveness endpoint
+    # without going through the SPA fallback. Useful for ad-hoc curl
+    # and for ingress / load-balancer health checks that target the
+    # web pod (k8s probes hit the api pod directly via Service).
+    location = /health {
+        proxy_pass http://api:8000/health;
+    }
+
     # Static asset cache headers (Vite emits hashed filenames so this is
     # safe for the long-tail).
     location ~* \.(js|css|woff2?|svg|png|jpg|jpeg|gif|ico)$ {