Chainlit Authentication behind nginx reverse proxy

[bibelwort]

trafficstars

When I start two Chainlit Docker containers with different CHAINLIT_AUTH_SECRET and CHAINLIT_URL behind an NGINX reverse proxy, authentication begins to fail.

Here's the scenario: I open two different browsers in incognito mode, each accessing its own URL. When I attempt to log in with a username and password on one of the servers, Chainlit reports "could not reach the server" or "invalid authentication token." However, if I immediately try to log in on another server with a different URL (using a separate browser), it works fine. The same behavior occurs when using Google Auth, but in that case, the browser automatically redirects from one URL to another. If I shut down one of the containers, everything returns to normal—regardless of the browser or incognito mode.

It appears that the reverse proxy isn't handling some authentication requests correctly. Specifically, according to the logs, WebSocket requests from one URL are being sent by the proxy to another URL or even both containers simultaneously. I've attached the request logs when I attempted to log in on one server and encountered the issue. Each container receives requests from both browser sessions concurrently (even though the other browser is idle).

Could you please explain how this setup works and provide guidance on properly configuring the proxy and Chainlit? It seems that my usual configurations, which work for other web apps, don't apply here. I've also included the proxy config template I typically use for reference.

Chainlit version: 1.1.303 proxy_conf.txt url1_requests.log url2_requests.log