Fix CORS configuration and HTTPS port 443 issue

- Add support for multiple CORS origins (comma-separated)
  * Updated src/app.js to parse comma-separated CORS_ORIGIN env variable
  * Updated src/server.js to support multiple origins for Socket.io WebSocket connections
  * Allows frontend apps from localhost, beta, and production to access the API

- Fix nginx configuration typo preventing HTTPS from working
  * Fixed 'body_size_sent' -> 'body_bytes_sent' in log_format
  * This typo was preventing nginx from starting with SSL configuration
  * Port 443 is now properly listening and accepting HTTPS connections

- Update docker-compose.prod.yml with default CORS origins
  * Set default CORS_ORIGIN to include all frontend environments:
    - http://localhost:3000 (local development)
    - https://beta-app.insightbull.io (beta/staging)
    - https://app.insightbull.io (production)

These changes enable:
- Frontend team to access API from all environments (localhost, beta, production)
- HTTPS connections to work properly (port 443)
- WebSocket connections to work from all allowed origins
- Proper CORS headers for cross-origin requests

Fixes connection issues reported by frontend team where:
- CORS was blocking localhost:3000 requests
- HTTPS port 443 was refusing connections

docker-compose.prod.yml

@@ -40,7 +40,7 @@ services:
       - DB_NAME=${DB_NAME:-financial_data}
       - DB_USER=${DB_USER:-postgres}
       - DB_PASSWORD=${DB_PASSWORD}
-      - CORS_ORIGIN=${CORS_ORIGIN:-*}
+      - CORS_ORIGIN=${CORS_ORIGIN:-http://localhost:3000,https://beta-app.insightbull.io,https://app.insightbull.io}
       - JWT_SECRET=${JWT_SECRET}
       - LOG_LEVEL=${LOG_LEVEL:-info}
     # No volume mounts in production (code is baked into image)

nginx/nginx.prod.conf

@@ -16,7 +16,7 @@ http {
     default_type application/octet-stream;
 
     log_format main '$remote_addr - $remote_user [$time_local] "$request" '
-                    '$status $body_size_sent "$http_referer" '
+                    '$status $body_bytes_sent "$http_referer" '
                     '"$http_user_agent" "$http_x_forwarded_for"';
 
     access_log /var/log/nginx/access.log main;

src/app.js

@@ -21,8 +21,13 @@ const app = express();
 app.use(helmet());
 
 // CORS configuration
+// Support comma-separated origins for multiple frontend applications
+const allowedOrigins = process.env.CORS_ORIGIN 
+  ? process.env.CORS_ORIGIN.split(',').map(origin => origin.trim())
+  : '*';
+
 app.use(cors({
-  origin: process.env.CORS_ORIGIN || '*',
+  origin: allowedOrigins,
   credentials: true
 }));
 

src/server.js

@@ -16,9 +16,14 @@ const startServer = async () => {
     const server = createServer(app);
 
     // Initialize Socket.io - Force WebSocket transport to prevent polling fallback
+    // Support comma-separated origins for multiple frontend applications
+    const allowedOrigins = process.env.CORS_ORIGIN 
+      ? process.env.CORS_ORIGIN.split(',').map(origin => origin.trim())
+      : "*";
+
     const io = new Server(server, {
       cors: {
-        origin: process.env.CORS_ORIGIN || "*",
+        origin: allowedOrigins,
         methods: ["GET", "POST"],
         credentials: true
       },