t-convex-nextjs-saas/.sisyphus/drafts/convex-coolify-better-auth-debug.md
nxtkofi d41d4687ee feat(legal): add GDPR-compliant cookie consent banner
Add CookieBanner component with useCookieConsent hook, translations in EN/PL, and integration into root layout

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
2026-05-02 16:02:13 +02:00

Draft: Convex Coolify Better Auth Debug

Requirements (confirmed)

  • research how this should work with Coolify, Convex, and Let's Encrypt
  • explain whether current sign-up flow is correct
  • determine likely causes of Convex errors like "No available server" and TLS failures
  • account for local Next.js (SITE_URL=http://localhost:3000) talking to Convex hosted on Coolify/VPS

Technical Decisions

  • investigate repo auth flow before drawing conclusions
  • compare repo implementation against authoritative Better Auth + Convex guidance
  • include infrastructure-side TLS/proxy hypotheses, not just app-code explanations

Research Findings

  • local app calls authClient.signUp.email(...) from src/app/sign-up/page.tsx
  • Next route proxies Better Auth via src/app/api/auth/[...all]/route.ts
  • server-side Better Auth bridge is configured in src/lib/auth-server.ts
  • authoritative Better Auth + Convex guidance confirms sign-up/sign-in must happen from the client; authClient.signUp.email(...) is the canonical flow
  • auth requests go browser -> Next /api/auth/... -> server-side fetch to Convex site URL; TLS is evaluated on that server-to-server hop, not in the browser
  • Better Auth with Convex writes to auth component tables like user, account, session, verification; custom app user syncing requires additional trigger-style logic
  • Coolify/Traefik can present a self-signed fallback cert when ACME/Let's Encrypt or routing is wrong, even if the public browser path appears healthy
  • "No available server" aligns more with Coolify/Traefik upstream health/routing issues than with incorrect Better Auth API usage
  • user confirmed local SITE_URL is http://localhost:3000 and Convex runs remotely on Coolify with distinct backend, dashboard, and backend-site hostnames
  • user's Coolify env exposes SERVICE_URL_BACKEND=https://convex-backend.mentat.ovh and SERVICE_URL_BACKEND_SITE=https://backend-site-olnjg91x5ervt6j6owwgnlha.mentat.ovh; these hostnames must not be conflated with the dashboard URL
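
The fallback-certificate finding can be checked from the machine that runs Next, since that is where TLS is evaluated. The following is an added example, not code from the repo or the original draft: classifyCert takes a certificate object in the shape returned by Node's tls.TLSSocket.getPeerCertificate() and reports why a server-side fetch would reject it. The function names, finding labels and sample certificates are assumptions constructed for illustration.

```javascript
// Added example. Input objects have the shape returned by
// tls.TLSSocket.getPeerCertificate(); the samples below are constructed.

// Match one SAN entry against a hostname; a wildcard covers one label only.
function sanMatches(pattern, host) {
  if (!pattern.startsWith('*.')) return pattern === host;
  const dot = host.indexOf('.');
  return dot > 0 && host.slice(dot + 1) === pattern.slice(2);
}

// Canonical string form of a distinguished name, for subject/issuer comparison.
const dn = (o) => Object.entries(o ?? {}).sort().join(';');

function classifyCert(cert, hostname, now = new Date()) {
  const findings = [];
  const host = hostname.toLowerCase();
  if (cert.subject && dn(cert.subject) === dn(cert.issuer)) findings.push('self-signed');
  // Traefik's generated fallback certificate carries this subject CN.
  if (/TRAEFIK DEFAULT CERT/i.test(cert.subject?.CN ?? '')) findings.push('traefik-default-cert');
  const sans = (cert.subjectaltname ?? '').split(',')
    .map((s) => s.trim()).filter((s) => s.startsWith('DNS:'))
    .map((s) => s.slice(4).toLowerCase());
  if (!sans.some((p) => sanMatches(p, host))) findings.push('hostname-mismatch');
  if (new Date(cert.valid_to) < now) findings.push('expired');
  return findings;
}

// Read the certificate served for `hostname` over SNI. Verification is turned
// off only so a failing certificate can still be inspected; no request is sent.
async function probe(hostname, port = 443) {
  const tls = await import('node:tls');
  return new Promise((resolve, reject) => {
    const socket = tls.connect(
      { host: hostname, port, servername: hostname, rejectUnauthorized: false },
      () => {
        const findings = classifyCert(socket.getPeerCertificate(), hostname);
        resolve({ trusted: socket.authorized, error: socket.authorizationError, findings });
        socket.end();
      });
    socket.on('error', reject);
  });
}

// Constructed samples: a proxy fallback certificate and an ACME-issued one.
const FALLBACK = { subject: { CN: 'TRAEFIK DEFAULT CERT' }, issuer: { CN: 'TRAEFIK DEFAULT CERT' },
  subjectaltname: 'DNS:0123abcd.traefik.default', valid_to: 'Dec 31 23:59:59 2030 GMT' };
const ISSUED = { subject: { CN: 'convex-backend.mentat.ovh' }, issuer: { C: 'US', O: "Let's Encrypt", CN: 'R11' },
  subjectaltname: 'DNS:convex-backend.mentat.ovh', valid_to: 'Dec 31 23:59:59 2030 GMT' };
console.log(classifyCert(FALLBACK, 'convex-backend.mentat.ovh'));
console.log(classifyCert(ISSUED, 'convex-backend.mentat.ovh'));
```

Calling probe() for the SERVICE_URL_BACKEND and SERVICE_URL_BACKEND_SITE hostnames from the Next runtime shows what the server-to-server hop receives, which can differ from what a browser on another network path sees.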

Open Questions

  • which exact host is currently configured in NEXT_PUBLIC_CONVEX_SITE_URL
  • whether the Next runtime reaches a different internal/proxied hostname than the browser does
  • whether Coolify proxy health/port/DNS/IPv6 configuration is intermittently breaking Convex upstream availability

Scope Boundaries

  • INCLUDE: repo auth flow, Better Auth/Convex expectations, Coolify/Let's Encrypt TLS behavior
  • EXCLUDE: implementing fixes in source files during research