A reverse proxy sits in front of the SparkyFitness frontend container and forwards requests to it while terminating TLS. This is required for production use because the SparkyFitness mobile app only works over HTTPS — it will refuse to connect to a plainDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/CodeWithCJ/SparkyFitness/llms.txt
Use this file to discover all available pages before exploring further.
http:// origin. A reverse proxy also lets you serve SparkyFitness on a custom domain, handle SSL certificates automatically, and add optional security headers.
What to proxy
The SparkyFitness frontend container runs Nginx internally on port80 (or 8080 when running as a non-root user). Your external reverse proxy should forward all traffic for your domain to that port.
In a standard Docker Compose deployment the service is named sparkyfitness-frontend and listens on port 80 inside the sparkyfitness-network bridge. The external port mapping defaults to 3004:80.
Nginx Proxy Manager
If you use Nginx Proxy Manager, add the following to the Advanced tab of your proxy host under Custom Nginx Configuration:Using Docker networking with Nginx Proxy Manager
Instead of forwarding to a host IP and port you can route directly through Docker networking:- Set the Scheme to
http. - Set the Forward Hostname / IP to
sparkyfitness-frontend(the Docker container name). - Set the Forward Port to
80. - Connect the two containers to a shared network:
Standalone Nginx
If you manage your own Nginx installation, create a server block similar to the following. Replacefitness.example.com with your domain and adjust the certificate paths for your certificate authority (e.g. Let’s Encrypt / Certbot).
Caddy
Caddy automatically provisions and renews TLS certificates via Let’s Encrypt. Add the following to yourCaddyfile:
Traefik
If you use Traefik as your ingress controller, you can configure automatic routing via Docker labels in yourdocker-compose.yml. Add the following labels to the sparkyfitness-frontend service:
sparkyfitness-frontend container is connected to the same Docker network as your Traefik instance, and that Traefik is configured with a certificate resolver (e.g. Let’s Encrypt).
CORS Configuration
SparkyFitness enforces CORS on the backend server. Two environment variables control which origins the server accepts requests from, in addition to the primarySPARKY_FITNESS_FRONTEND_URL.
| Variable | Default | Description |
|---|---|---|
SPARKY_FITNESS_FRONTEND_URL | http://localhost:3004 | Primary trusted origin. Set this to your public https:// domain in production. |
ALLOW_PRIVATE_NETWORK_CORS | false | When true, accepts requests from any private-range address (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, localhost). Useful for self-hosted LAN setups. |
SPARKY_FITNESS_EXTRA_TRUSTED_ORIGINS | (empty) | Comma-separated list of additional origins to trust (e.g. http://192.168.1.175:8080,http://10.0.0.5:8080). |
SPARKY_FITNESS_EXTRA_TRUSTED_ORIGINS is most useful when you access the app from a static LAN IP (e.g. a TV, tablet, or home-automation integration on a fixed address) and ALLOW_PRIVATE_NETWORK_CORS is not broad enough or you prefer to allow only specific addresses.