From f38c3f86cc238e5bbeeb23f7bf691a23fca61cfc Mon Sep 17 00:00:00 2001
From: Andrew Palardy <apalrd@gmail.com>
Date: Tue, 26 Aug 2025 14:32:19 +0300
Subject: [PATCH 1/4] Don't enforce TLS on localhost since proxy will

---
 server.js | 27 +++++++++++----------------
 1 file changed, 11 insertions(+), 16 deletions(-)

diff --git a/server.js b/server.js
index d9a617a..b1f0cc6 100644
--- a/server.js
+++ b/server.js
@@ -36,21 +36,6 @@ app.set('domain', domain);
 
 app.disable('x-powered-by');
 
-// force HTTPS in production
-if (process.env.ENVIRONMENT === 'production') {
-  app.set('trust proxy', ['127.0.0.1', '10.0.0.0/8']);
-
-  app.use(({ secure, hostname, url, port }, response, next) => {
-    if (!secure) {
-      return response.redirect(308, `https://${hostname}${url}${port ? `:${port}` : ''}`);
-    }
-
-    return next();
-  });
-} else {
-  console.log("ENVIRONMENT is not 'production', HTTPS not forced");
-}
-
 const hbs = create({
   helpers: {
     pluralize(number, singular, plural) {
@@ -132,4 +117,14 @@ app.use('/nodeinfo/2.0', routes.nodeinfo);
 app.use('/nodeinfo/2.1', routes.nodeinfo);
 app.use('/opensearch.xml', routes.opensearch);
 
-app.listen(PORT, () => console.log(`App listening on port ${PORT}`));
+// Run in production on localhost
+if (process.env.ENVIRONMENT === 'production') {
+  app.set('trust proxy', ['127.0.0.1', '10.0.0.0/8']);
+
+  //Connections from the proxy will come without HTTPS, and the proxy will deal with the redirect
+  console.log("ENVIRONMENT is 'production'");
+  app.listen(PORT, '127.0.0.1', () => console.log(`App listening on port ${PORT}`));
+} else {
+  console.log("ENVIRONMENT is not 'production', HTTPS not forced");
+  app.listen(PORT, () => console.log(`App listening on port ${PORT}`));
+}

From c0f5bdff9aec398b2eb9f87a2f4107abb20f3fad Mon Sep 17 00:00:00 2001
From: Andrew Palardy <apalrd@gmail.com>
Date: Tue, 26 Aug 2025 14:37:07 +0300
Subject: [PATCH 2/4] Remove Remix on Glitch (Glitch is shutdown)

---
 src/pages/layouts/main.hbs | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/src/pages/layouts/main.hbs b/src/pages/layouts/main.hbs
index 77008d3..595fbfa 100644
--- a/src/pages/layouts/main.hbs
+++ b/src/pages/layouts/main.hbs
@@ -67,10 +67,6 @@
          <a class="btn--github" href="https://github.com/ckolderup/postmarks" target="_blank">
         <img src="/github-icon.svg" alt="GitHub logo">
       </a>
-      <a class="btn--remix" target="_top" href="https://glitch.new/github.com/ckolderup/postmarks">
-        <img src="/glitch-logo.svg" alt="Glitch logo">
-        Remix on Glitch
-      </a>
       </div>
     </footer>
     {{{_sections.script}}}

From 5cf55eb1193ef758cc9ffa24475feb21e10fafc6 Mon Sep 17 00:00:00 2001
From: Andrew Palardy <apalrd@gmail.com>
Date: Fri, 5 Sep 2025 14:59:56 +0300
Subject: [PATCH 3/4] Revert "Don't enforce TLS on localhost since proxy will"

This reverts commit f38c3f86cc238e5bbeeb23f7bf691a23fca61cfc.
---
 server.js | 27 ++++++++++++++++-----------
 1 file changed, 16 insertions(+), 11 deletions(-)

diff --git a/server.js b/server.js
index 9be7b97..17bf95a 100644
--- a/server.js
+++ b/server.js
@@ -36,6 +36,21 @@ app.set('domain', domain);
 
 app.disable('x-powered-by');
 
+// force HTTPS in production
+if (process.env.ENVIRONMENT === 'production') {
+  app.set('trust proxy', ['127.0.0.1', '10.0.0.0/8']);
+
+  app.use(({ secure, hostname, url, port }, response, next) => {
+    if (!secure) {
+      return response.redirect(308, `https://${hostname}${url}${port ? `:${port}` : ''}`);
+    }
+
+    return next();
+  });
+} else {
+  console.log("ENVIRONMENT is not 'production', HTTPS not forced");
+}
+
 const hbs = create({
   helpers: {
     pluralize(number, singular, plural) {
@@ -114,14 +129,4 @@ app.use('/nodeinfo/2.0', routes.nodeinfo);
 app.use('/nodeinfo/2.1', routes.nodeinfo);
 app.use('/opensearch.xml', routes.opensearch);
 
-// Run in production on localhost
-if (process.env.ENVIRONMENT === 'production') {
-  app.set('trust proxy', ['127.0.0.1', '10.0.0.0/8']);
-
-  //Connections from the proxy will come without HTTPS, and the proxy will deal with the redirect
-  console.log("ENVIRONMENT is 'production'");
-  app.listen(PORT, '127.0.0.1', () => console.log(`App listening on port ${PORT}`));
-} else {
-  console.log("ENVIRONMENT is not 'production', HTTPS not forced");
-  app.listen(PORT, () => console.log(`App listening on port ${PORT}`));
-}
+app.listen(PORT, () => console.log(`App listening on port ${PORT}`));

From 9bd65fcae60f38984408ea586ad81361315510ea Mon Sep 17 00:00:00 2001
From: Andrew Palardy <apalrd@gmail.com>
Date: Fri, 5 Sep 2025 15:02:06 +0300
Subject: [PATCH 4/4] Allow setting HOST to bind to

---
 server.js | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/server.js b/server.js
index 17bf95a..6827a2d 100644
--- a/server.js
+++ b/server.js
@@ -14,6 +14,7 @@ import routes from './src/routes/index.js';
 dotenv.config();
 
 const PORT = process.env.PORT || 3000;
+const HOST = process.env.HOST || '::';
 
 const app = express();
 app.use(express.static('public'));
@@ -36,10 +37,10 @@ app.set('domain', domain);
 
 app.disable('x-powered-by');
 
+app.set('trust proxy', ['127.0.0.1', '10.0.0.0/8']);
+
 // force HTTPS in production
 if (process.env.ENVIRONMENT === 'production') {
-  app.set('trust proxy', ['127.0.0.1', '10.0.0.0/8']);
-
   app.use(({ secure, hostname, url, port }, response, next) => {
     if (!secure) {
       return response.redirect(308, `https://${hostname}${url}${port ? `:${port}` : ''}`);
@@ -129,4 +130,4 @@ app.use('/nodeinfo/2.0', routes.nodeinfo);
 app.use('/nodeinfo/2.1', routes.nodeinfo);
 app.use('/opensearch.xml', routes.opensearch);
 
-app.listen(PORT, () => console.log(`App listening on port ${PORT}`));
+app.listen(PORT, HOST, () => console.log(`App listening on port ${PORT}`));