From bc82621b419d93e17e98b1db04ef23f6247ce85c Mon Sep 17 00:00:00 2001
From: Orion Wilkinson-Johnson <orion.wilkinson-johnson@singlewire.com>
Date: Wed, 16 Apr 2025 09:44:21 -0500
Subject: [PATCH 1/2] Implement BASE_PATH environment variable

---
 package-lock.json                             |  2 +-
 server/env.js                                 |  1 +
 server/handlers/auth.handler.js               |  6 ++--
 server/handlers/helpers.handler.js            |  3 +-
 server/handlers/links.handler.js              | 10 +++----
 server/handlers/locals.handler.js             |  1 +
 server/handlers/renders.handler.js            |  8 ++---
 server/mail/mail.js                           |  3 ++
 server/mail/template-reset.html               |  4 +--
 server/server.js                              | 28 ++++++++++-------
 server/utils/utils.js                         |  7 ++++-
 server/views/404.hbs                          |  2 +-
 server/views/banned.hbs                       |  2 +-
 server/views/error.hbs                        |  2 +-
 server/views/layout.hbs                       | 30 +++++++++----------
 server/views/logout.hbs                       |  2 +-
 .../partials/admin/dialog/add_domain.hbs      |  2 +-
 .../partials/admin/dialog/ban_domain.hbs      |  2 +-
 .../views/partials/admin/dialog/ban_user.hbs  |  2 +-
 .../partials/admin/dialog/create_user.hbs     |  2 +-
 .../partials/admin/dialog/delete_domain.hbs   |  2 +-
 .../partials/admin/dialog/delete_user.hbs     |  2 +-
 .../views/partials/admin/domains/actions.hbs  |  4 +--
 server/views/partials/admin/domains/table.hbs |  2 +-
 server/views/partials/admin/domains/thead.hbs |  2 +-
 server/views/partials/admin/domains/tr.hbs    |  8 ++---
 server/views/partials/admin/links/actions.hbs |  8 ++---
 server/views/partials/admin/links/edit.hbs    |  2 +-
 server/views/partials/admin/links/table.hbs   |  2 +-
 server/views/partials/admin/links/tr.hbs      |  8 ++---
 server/views/partials/admin/table_tab.hbs     |  6 ++--
 server/views/partials/admin/users/actions.hbs |  4 +--
 server/views/partials/admin/users/table.hbs   |  2 +-
 server/views/partials/admin/users/thead.hbs   |  2 +-
 server/views/partials/admin/users/tr.hbs      |  4 +--
 server/views/partials/auth/form.hbs           |  6 ++--
 server/views/partials/auth/form_admin.hbs     |  2 +-
 server/views/partials/auth/welcome.hbs        |  2 +-
 server/views/partials/footer.hbs              |  6 ++--
 server/views/partials/header.hbs              | 14 ++++-----
 server/views/partials/links/actions.hbs       |  6 ++--
 server/views/partials/links/dialog/ban.hbs    |  2 +-
 server/views/partials/links/dialog/delete.hbs |  2 +-
 server/views/partials/links/edit.hbs          |  2 +-
 server/views/partials/links/table.hbs         |  2 +-
 server/views/partials/protected/form.hbs      |  2 +-
 server/views/partials/report/email.hbs        |  2 +-
 server/views/partials/report/form.hbs         |  2 +-
 .../reset_password/new_password_form.hbs      |  2 +-
 .../reset_password/new_password_success.hbs   |  2 +-
 .../partials/reset_password/request_form.hbs  |  2 +-
 server/views/partials/settings/apikey.hbs     |  2 +-
 .../views/partials/settings/change_email.hbs  |  4 +--
 .../partials/settings/change_password.hbs     |  2 +-
 .../partials/settings/delete_account.hbs      |  2 +-
 .../partials/settings/domain/add_form.hbs     |  2 +-
 .../views/partials/settings/domain/delete.hbs |  2 +-
 .../views/partials/settings/domain/index.hbs  |  2 +-
 .../views/partials/settings/domain/table.hbs  |  2 +-
 server/views/partials/shortener.hbs           |  2 +-
 server/views/partials/stats.hbs               |  4 +--
 .../views/reset_password_set_new_password.hbs |  2 +-
 server/views/stats.hbs                        |  6 ++--
 server/views/verify.hbs                       |  4 +--
 server/views/verify_change_email.hbs          |  6 ++--
 static/css/styles.css                         |  2 +-
 66 files changed, 147 insertions(+), 130 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 00c1f0bed..2ffc07694 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -15,7 +15,7 @@
         "cookie-parser": "1.4.7",
         "cors": "2.8.5",
         "date-fns": "2.30.0",
-        "dotenv": "^16.4.7",
+        "dotenv": "16.4.7",
         "envalid": "8.0.0",
         "express": "4.21.2",
         "express-rate-limit": "7.5.0",
diff --git a/server/env.js b/server/env.js
index 87f7bc373..b66ac3cde 100644
--- a/server/env.js
+++ b/server/env.js
@@ -65,6 +65,7 @@ const spec = {
   REPORT_EMAIL: str({ default: "" }),
   CONTACT_EMAIL: str({ default: "" }),
   NODE_APP_INSTANCE: num({ default: 0 }),
+  BASE_PATH: str({ default: "" }),
 };
 
 for (const key in spec) {
diff --git a/server/handlers/auth.handler.js b/server/handlers/auth.handler.js
index cb120b5b4..b8df15fe5 100644
--- a/server/handlers/auth.handler.js
+++ b/server/handlers/auth.handler.js
@@ -28,11 +28,11 @@ function authenticate(type, error, isStrict, redirect) {
         (user && user.banned))
       ) {
         if (redirect === "page") {
-          res.redirect("/logout");
+          res.redirect(utils.getPath('/logout'));
           return;
         }
         if (redirect === "header") {
-          res.setHeader("HX-Redirect", "/logout");
+          res.setHeader("HX-Redirect", utils.getPath('/logout'));
           res.send("NOT_AUTHENTICATED");
           return;
         }
@@ -357,7 +357,7 @@ function featureAccess(features, redirect) {
     for (let i = 0; i < features.length; ++i) {
       if (!features[i]) {
         if (redirect) {
-          return res.redirect("/");
+          return res.redirect(utils.getPath("/"));
         } else {
           throw new CustomError("Request is not allowed.", 400);
         }
diff --git a/server/handlers/helpers.handler.js b/server/handlers/helpers.handler.js
index ff53454b3..bf63ba7ef 100644
--- a/server/handlers/helpers.handler.js
+++ b/server/handlers/helpers.handler.js
@@ -6,6 +6,7 @@ const { CustomError } = require("../utils");
 const query = require("../queries");
 const redis = require("../redis");
 const env = require("../env");
+const utils = require("../utils");
 
 function error(error, req, res, _next) {
   if (!(error instanceof CustomError)) {
@@ -131,7 +132,7 @@ async function adminSetup(req, res, next) {
     return;
   }
 
-  res.redirect("/create-admin");
+  res.redirect(utils.getPath('/create-admin'));
 }
 
 module.exports = {
diff --git a/server/handlers/links.handler.js b/server/handlers/links.handler.js
index 93a0a6489..d2c2764da 100644
--- a/server/handlers/links.handler.js
+++ b/server/handlers/links.handler.js
@@ -458,7 +458,7 @@ async function ban(req, res) {
 
 async function redirect(req, res, next) {
   const isPreservedUrl = utils.preservedURLs.some(
-    item => item === req.path.replace("/", "")
+    item => item === req.path.replace(env.BASE_PATH, "")
   );
 
   if (isPreservedUrl) return next();
@@ -480,12 +480,12 @@ async function redirect(req, res, next) {
   // 3. When no link, if has domain redirect to domain's homepage
   // otherwise redirect to 404
   if (!link) {
-    return res.redirect(domain?.homepage || "/404");
+    return res.redirect(domain?.homepage || utils.getPath('/404'));
   }
 
   // 4. If link is banned, redirect to banned page.
   if (link.banned) {
-    return res.redirect("/banned");
+  return res.redirect(utils.getPath("/banned"));
   }
 
   // 5. If wants to see link info, then redirect
@@ -594,7 +594,7 @@ async function redirectCustomDomainHomepage(req, res, next) {
   const path = req.path;
   const pathName = path.replace("/", "").split("/")[0];
   if (
-    path === "/" ||
+    path === env.BASE_PATH ||
     utils.preservedURLs.includes(pathName)
   ) {
     const domain = await query.domain.find({ address: host });
@@ -618,7 +618,7 @@ async function stats(req, res) {
 
   if (!link) {
     if (req.isHTML) {
-      res.setHeader("HX-Redirect", "/404");
+      res.setHeader("HX-Redirect", utils.getPath("/404"));
       res.status(200).send("");
       return;
     }
diff --git a/server/handlers/locals.handler.js b/server/handlers/locals.handler.js
index 7b1b4ab25..f39a9c1e3 100644
--- a/server/handlers/locals.handler.js
+++ b/server/handlers/locals.handler.js
@@ -30,6 +30,7 @@ function config(req, res, next) {
   res.locals.mail_enabled = env.MAIL_ENABLED;
   res.locals.report_email = env.REPORT_EMAIL;
   res.locals.custom_styles = utils.getCustomCSSFileNames();
+  res.locals.base_path = env.BASE_PATH;
   next();
 }
 
diff --git a/server/handlers/renders.handler.js b/server/handlers/renders.handler.js
index 79058fdb4..1f0ce7f8e 100644
--- a/server/handlers/renders.handler.js
+++ b/server/handlers/renders.handler.js
@@ -10,7 +10,7 @@ const env = require("../env");
 
 async function homepage(req, res) {
   if (env.DISALLOW_ANONYMOUS_LINKS && !req.user) {
-    res.redirect("/login");
+    res.redirect(utils.getPath("/login"));
     return;
   }
   res.render("homepage", {
@@ -20,7 +20,7 @@ async function homepage(req, res) {
 
 async function login(req, res) {
   if (req.user) {
-    res.redirect("/");
+    res.redirect(utils.getPath("/"));
     return;
   }
   
@@ -39,7 +39,7 @@ function logout(req, res) {
 async function createAdmin(req, res) {
   const isThereAUser = await query.user.findAny();
   if (isThereAUser) {
-    res.redirect("/login");
+    res.redirect(utils.getPath("/login"));
     return;
   }
   res.render("create_admin", {
@@ -79,7 +79,7 @@ async function banned(req, res) {
 
 async function report(req, res) {
   if (!env.REPORT_EMAIL) {
-    res.redirect("/");
+    res.redirect(utils.getPath("/"));
     return;
   }
   res.render("report", {
diff --git a/server/mail/mail.js b/server/mail/mail.js
index 93e5304d7..d4f231322 100644
--- a/server/mail/mail.js
+++ b/server/mail/mail.js
@@ -35,14 +35,17 @@ if (env.MAIL_ENABLED) {
   resetEmailTemplate = fs
     .readFileSync(resetEmailTemplatePath, { encoding: "utf-8" })
     .replace(/{{domain}}/gm, env.DEFAULT_DOMAIN)
+    .replace(/{{base_path}}/gm, env.BASE_PATH)
     .replace(/{{site_name}}/gm, env.SITE_NAME);
   verifyEmailTemplate = fs
     .readFileSync(verifyEmailTemplatePath, { encoding: "utf-8" })
     .replace(/{{domain}}/gm, env.DEFAULT_DOMAIN)
+    .replace(/{{base_path}}/gm, env.BASE_PATH)
     .replace(/{{site_name}}/gm, env.SITE_NAME);
   changeEmailTemplate = fs
     .readFileSync(changeEmailTemplatePath, { encoding: "utf-8" })
     .replace(/{{domain}}/gm, env.DEFAULT_DOMAIN)
+    .replace(/{{base_path}}/gm, env.BASE_PATH)
     .replace(/{{site_name}}/gm, env.SITE_NAME);
 }
 
diff --git a/server/mail/template-reset.html b/server/mail/template-reset.html
index dc247beb7..ae1eab8e4 100644
--- a/server/mail/template-reset.html
+++ b/server/mail/template-reset.html
@@ -457,7 +457,7 @@
                         >
                           <!--[if mso]><table width="100%" cellpadding="0" cellspacing="0" border="0" style="border-spacing: 0; border-collapse: collapse; mso-table-lspace:0pt; mso-table-rspace:0pt;"><tr><td style="padding-right: 30px; padding-left: 30px; padding-top:30px; padding-bottom:30px;" align="left"><v:roundrect xmlns:v="urn:schemas-microsoft-com:vml" xmlns:w="urn:schemas-microsoft-com:office:word" href="http://{{domain}}/reset-password/{{resetpassword}}" style="height:31pt; v-text-anchor:middle; width:81pt;" arcsize="143%" strokecolor="#2196F3" fillcolor="#2196F3"><w:anchorlock/><v:textbox inset="0,0,0,0"><center style="color:#ffffff; font-family:Arial, 'Helvetica Neue', Helvetica, sans-serif; font-size:16px;"><![endif]-->
                           <a
-                            href="https://{{domain}}/reset-password/{{resetpassword}}"
+                            href="https://{{domain}}{{base_path}}/reset-password/{{resetpassword}}"
                             target="_blank"
                             style="display: block;text-decoration: none;-webkit-text-size-adjust: none;text-align: center;color: #ffffff; background-color: #2196F3; border-radius: 60px; -webkit-border-radius: 60px; -moz-border-radius: 60px; max-width: 128px; width: 48px;width: auto; border-top: 0px solid transparent; border-right: 0px solid transparent; border-bottom: 0px solid transparent; border-left: 0px solid transparent; padding-top: 5px; padding-right: 30px; padding-bottom: 5px; padding-left: 30px; font-family: Arial, 'Helvetica Neue', Helvetica, sans-serif;mso-border-alt: none"
                           >
@@ -478,7 +478,7 @@
                             <span style="font-size:14px; line-height:25px;">
                               <a
                                 style="color:#0068A5;text-decoration: underline;"
-                                href="https://{{domain}}"
+                                href="https://{{domain}}{{base_path}}"
                                 target="_blank"
                                 rel="noopener"
                                 data-mce-selected="1"
diff --git a/server/server.js b/server/server.js
index 606ed0e11..38a58c3d6 100644
--- a/server/server.js
+++ b/server/server.js
@@ -1,4 +1,5 @@
 const env = require("./env");
+const { Router } = require("express");
 
 const cookieParser = require("cookie-parser");
 const passport = require("passport");
@@ -40,10 +41,13 @@ app.use(cookieParser());
 app.use(express.json());
 app.use(express.urlencoded({ extended: true }));
 
+const router = Router();
+
 // serve static
-app.use("/images", express.static("custom/images"));
-app.use("/css", express.static("custom/css", { extensions: ["css"] }));
-app.use(express.static("static"));
+router.use("/images", express.static("custom/images"));
+router.use("/css", express.static("custom/css", { extensions: ["css"] }));
+router.use(express.static("static"));
+router.use(express.static("static"));
 
 app.use(passport.initialize());
 app.use(locals.isHTML);
@@ -59,21 +63,23 @@ app.set("views", [
 utils.registerHandlebarsHelpers();
 
 // if is custom domain, redirect to the set homepage
-app.use(asyncHandler(links.redirectCustomDomainHomepage));
+router.use(asyncHandler(links.redirectCustomDomainHomepage));
 
 // render html pages
-app.use("/", routes.render);
+router.use("/", routes.render);
 
 // handle api requests
-app.use("/api/v2", routes.api);
-app.use("/api", routes.api);
+router.use("/api/v2", routes.api);
+router.use("/api", routes.api);
 
-// finally, redirect the short link to the target
-app.get("/:id", asyncHandler(links.redirect));
+// redirect the short link to the target
+router.get("/:id", asyncHandler(links.redirect));
 
-// 404 pages that don't exist
-app.get("*", renders.notFound);
+// finally, 404 pages that don't exist
+router.get("*", renders.notFound);
 
+// configure to run on the specified base path
+app.use(env.BASE_PATH, router);
 // handle errors coming from above routes
 app.use(helpers.error);
   
diff --git a/server/utils/utils.js b/server/utils/utils.js
index 7981e0d24..c7052af88 100644
--- a/server/utils/utils.js
+++ b/server/utils/utils.js
@@ -74,7 +74,7 @@ function addProtocol(url) {
 
 function getShortURL(address, domain) {
   const protocol = (env.CUSTOM_DOMAIN_USE_HTTPS || !domain) && !env.isDev ? "https://" : "http://";
-  const link = `${domain || env.DEFAULT_DOMAIN}/${address}`;
+  const link = `${domain || env.DEFAULT_DOMAIN}${!!env.DEFAULT_DOMAIN ? env.BASE_PATH : ''}/${address}`;
   const url = `${protocol}${link}`;
   return { address, link, url };
 }
@@ -185,6 +185,10 @@ const preservedURLs = [
   "pricing"
 ];
 
+function getPath(path) {
+  return `${env.BASE_PATH}${path}`;
+}
+
 function parseBooleanQuery(query) {
   if (query === "true" || query === true) return true;
   if (query === "false" || query === false) return false;
@@ -410,6 +414,7 @@ module.exports = {
   parseDatetime,
   parseTimestamps,
   preservedURLs,
+  getPath,
   registerHandlebarsHelpers,
   removeWww,
   sanitize,
diff --git a/server/views/404.hbs b/server/views/404.hbs
index 43ac87190..aa6e2a3d1 100644
--- a/server/views/404.hbs
+++ b/server/views/404.hbs
@@ -3,7 +3,7 @@
   <h2>
     404 | Link could not be found.
   </h2>
-  <a class="back-to-home" href="/">
+  <a class="back-to-home" href="./">
     ← Back to homepage
   </a>
 </div>
diff --git a/server/views/banned.hbs b/server/views/banned.hbs
index a2434f312..f134c73cd 100644
--- a/server/views/banned.hbs
+++ b/server/views/banned.hbs
@@ -6,7 +6,7 @@
   </h2>
   <h4>
     If you noticed a malware/scam link shortened by {{default_domain}}, 
-    <a href="/report" title="Send report">
+    <a href="./report" title="Send report">
       send us a report
     </a>.
   </h4>
diff --git a/server/views/error.hbs b/server/views/error.hbs
index 9b6d95224..bc37f8a7a 100644
--- a/server/views/error.hbs
+++ b/server/views/error.hbs
@@ -4,7 +4,7 @@
     Error!
   </h2>
   <p>{{message}}</p>
-  <a class="back-to-home" href="/">
+  <a class="back-to-home" href="./">
     ← Back to homepage
   </a>
 </div>
diff --git a/server/views/layout.hbs b/server/views/layout.hbs
index 814339cc6..4bedcf5b2 100644
--- a/server/views/layout.hbs
+++ b/server/views/layout.hbs
@@ -3,29 +3,29 @@
 <head>
   <meta charset="UTF-8">
   <meta name="viewport" content="width=device-width, initial-scale=1, viewport-fit=cover">
-  <link rel="icon" sizes="196x196" href="/images/favicon-196x196.png" />
-  <link rel="icon" sizes="32x32" href="/images/favicon-32x32.png" />
-  <link rel="icon" sizes="16x16" href="/images/favicon-16x16.png" />
-  <link rel="apple-touch-icon" href="/images/favicon-196x196.png" />
-  <link rel="mask-icon" href="/images/icon.svg" color="blue" />
-  <link rel="manifest" href="/manifest.webmanifest" />
+  <link rel="icon" sizes="196x196" href="./images/favicon-196x196.png" />
+  <link rel="icon" sizes="32x32" href="./images/favicon-32x32.png" />
+  <link rel="icon" sizes="16x16" href="./images/favicon-16x16.png" />
+  <link rel="apple-touch-icon" href="./images/favicon-196x196.png" />
+  <link rel="mask-icon" href="./images/icon.svg" color="blue" />
+  <link rel="manifest" href="./manifest.webmanifest" />
   <meta name="theme-color" content="#f3f3f3" />
   <meta property="fb:app_id" content="123456789" />
   <meta name="htmx-config" content='{"withCredentials":true}'>
-  <meta property="og:url" content="https://{{default_domain}}" />
+  <meta property="og:url" content="https://{{default_domain}}{{base_path}}" />
   <meta property="og:type" content="website" />
   <meta property="og:title" content="{{site_name}}" />
-  <meta property="og:image" content="https://{{default_domain}}/images/card.png" />
+  <meta property="og:image" content="https://{{default_domain}}{{base_path}}/images/card.png" />
   <meta property="og:description" content="Free & Open Source Modern URL Shortener" />
-  <meta name="twitter:url" content="https://{{default_domain}}" />
+  <meta name="twitter:url" content="https://{{default_domain}}{{base_path}}" />
   <meta name="twitter:title" content="{{site_name}}" />
   <meta name="twitter:description" content="Free & Open Source Modern URL Shortener" />
-  <meta name="twitter:image" content="https://{{default_domain}}/images/card.png" />
+  <meta name="twitter:image" content="https://{{default_domain}}{{base_path}}/images/card.png" />
   <meta name="description" content="{{site_name}} is a free and open source URL shortener with custom domains and stats." />
   <title>{{site_name}} | {{title}}</title>
-  <link rel="stylesheet" href="/css/styles.css">
+  <link rel="stylesheet" href="./css/styles.css">
   {{#each custom_styles}}
-    <link rel="stylesheet" href="/css/{{this}}">
+    <link rel="stylesheet" href="./css/{{this}}">
   {{/each}}
   {{{block "stylesheets"}}}
 </head>
@@ -35,8 +35,8 @@
   </div>
 
   {{{block "scripts"}}}
-  <script src="/libs/htmx.min.js"></script>
-  <script src="/libs/qrcode.min.js"></script>
-  <script src="/scripts/main.js"></script>
+  <script src="./libs/htmx.min.js"></script>
+  <script src="./libs/qrcode.min.js"></script>
+  <script src="./scripts/main.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/server/views/logout.hbs b/server/views/logout.hbs
index 49ea74b2e..291488d20 100644
--- a/server/views/logout.hbs
+++ b/server/views/logout.hbs
@@ -1,5 +1,5 @@
 {{> header}}
-<div class="login-signup-message" hx-get="/" hx-trigger="load delay:1s" hx-target="body" hx-push-url="/">
+<div class="login-signup-message" hx-get="./" hx-trigger="load delay:1s" hx-target="body" hx-push-url="./">
   <h1>
     Logged out. Redirecting to homepage...
   </h1>
diff --git a/server/views/partials/admin/dialog/add_domain.hbs b/server/views/partials/admin/dialog/add_domain.hbs
index 2b5b5c14c..5d163030d 100644
--- a/server/views/partials/admin/dialog/add_domain.hbs
+++ b/server/views/partials/admin/dialog/add_domain.hbs
@@ -2,7 +2,7 @@
   <h2>Add domain</h2>
   <form
     id="add-domain-form"
-    hx-post="/api/domains/admin" 
+    hx-post="./api/domains/admin" 
     hx-target="closest .content" 
     hx-swap="outerHTML" 
     hx-indicator="closest .content"
diff --git a/server/views/partials/admin/dialog/ban_domain.hbs b/server/views/partials/admin/dialog/ban_domain.hbs
index 6509dc16d..93f6fcf7f 100644
--- a/server/views/partials/admin/dialog/ban_domain.hbs
+++ b/server/views/partials/admin/dialog/ban_domain.hbs
@@ -22,7 +22,7 @@
     <button 
       type="button"
       class="danger confirm" 
-      hx-post="/api/domains/admin/ban/{id}" 
+      hx-post="./api/domains/admin/ban/{id}" 
       hx-ext="path-params" 
       hx-vals='{"id":"{{id}}"}' 
       hx-target="closest .content" 
diff --git a/server/views/partials/admin/dialog/ban_user.hbs b/server/views/partials/admin/dialog/ban_user.hbs
index f75b16744..c172f8bae 100644
--- a/server/views/partials/admin/dialog/ban_user.hbs
+++ b/server/views/partials/admin/dialog/ban_user.hbs
@@ -18,7 +18,7 @@
     <button 
       type="button"
       class="danger confirm" 
-      hx-post="/api/users/admin/ban/{id}" 
+      hx-post="./api/users/admin/ban/{id}" 
       hx-ext="path-params" 
       hx-vals='{"id":"{{id}}"}' 
       hx-target="closest .content" 
diff --git a/server/views/partials/admin/dialog/create_user.hbs b/server/views/partials/admin/dialog/create_user.hbs
index 8d0dcca6e..46555e849 100644
--- a/server/views/partials/admin/dialog/create_user.hbs
+++ b/server/views/partials/admin/dialog/create_user.hbs
@@ -2,7 +2,7 @@
   <h2>Create user</h2>
   <form
     id="create-user-form"
-    hx-post="/api/users/admin" 
+    hx-post="./api/users/admin" 
     hx-target="closest .content" 
     hx-swap="outerHTML" 
     hx-indicator="closest .content"
diff --git a/server/views/partials/admin/dialog/delete_domain.hbs b/server/views/partials/admin/dialog/delete_domain.hbs
index 993f7c88d..1db359692 100644
--- a/server/views/partials/admin/dialog/delete_domain.hbs
+++ b/server/views/partials/admin/dialog/delete_domain.hbs
@@ -16,7 +16,7 @@
     <button 
       type="button"
       class="danger confirm" 
-      hx-delete="/api/domains/admin/{id}" 
+      hx-delete="./api/domains/admin/{id}" 
       hx-ext="path-params" 
       hx-vals='{"id":"{{id}}"}' 
       hx-target="closest .content" 
diff --git a/server/views/partials/admin/dialog/delete_user.hbs b/server/views/partials/admin/dialog/delete_user.hbs
index 2bfa3b405..04aac1b2f 100644
--- a/server/views/partials/admin/dialog/delete_user.hbs
+++ b/server/views/partials/admin/dialog/delete_user.hbs
@@ -9,7 +9,7 @@
     <button 
       type="button"
       class="danger confirm" 
-      hx-delete="/api/users/admin/{id}" 
+      hx-delete="./api/users/admin/{id}" 
       hx-ext="path-params" 
       hx-vals='{"id":"{{id}}"}' 
       hx-target="closest .content" 
diff --git a/server/views/partials/admin/domains/actions.hbs b/server/views/partials/admin/domains/actions.hbs
index 7dc944723..ad02ebae0 100644
--- a/server/views/partials/admin/domains/actions.hbs
+++ b/server/views/partials/admin/domains/actions.hbs
@@ -8,7 +8,7 @@
     <button 
       class="action ban" 
       hx-on:click='openDialog("admin-table-dialog")' 
-      hx-get="/confirm-domain-ban" 
+      hx-get="./confirm-domain-ban" 
       hx-target="#admin-table-dialog .content-wrapper" 
       hx-indicator="#admin-table-dialog" 
       hx-vals='{"id":"{{id}}"}'
@@ -19,7 +19,7 @@
   <button 
     class="action delete" 
     hx-on:click='openDialog("admin-table-dialog")' 
-    hx-get="/confirm-domain-delete-admin" 
+    hx-get="./confirm-domain-delete-admin" 
     hx-target="#admin-table-dialog .content-wrapper" 
     hx-indicator="#admin-table-dialog" 
     hx-vals='{"id":"{{id}}"}'
diff --git a/server/views/partials/admin/domains/table.hbs b/server/views/partials/admin/domains/table.hbs
index 111f1fd01..ea0c57df0 100644
--- a/server/views/partials/admin/domains/table.hbs
+++ b/server/views/partials/admin/domains/table.hbs
@@ -1,5 +1,5 @@
 <table 
-  hx-get="/api/domains/admin"
+  hx-get="./api/domains/admin"
   hx-target="tbody"
   hx-swap="outerHTML" 
   hx-select="tbody"
diff --git a/server/views/partials/admin/domains/thead.hbs b/server/views/partials/admin/domains/thead.hbs
index 1e36cad58..3dad456c3 100644
--- a/server/views/partials/admin/domains/thead.hbs
+++ b/server/views/partials/admin/domains/thead.hbs
@@ -66,7 +66,7 @@
         <button 
           class="table primary"
           hx-on:click='openDialog("admin-table-dialog")' 
-          hx-get="/add-domain" 
+          hx-get="./add-domain" 
           hx-target="#admin-table-dialog .content-wrapper" 
           hx-indicator="#admin-table-dialog"
         >
diff --git a/server/views/partials/admin/domains/tr.hbs b/server/views/partials/admin/domains/tr.hbs
index cf86f5406..1458209eb 100644
--- a/server/views/partials/admin/domains/tr.hbs
+++ b/server/views/partials/admin/domains/tr.hbs
@@ -10,7 +10,7 @@
         <a 
           aria-label="View user" 
           data-tooltip="View user" 
-          hx-get="/api/users/admin"
+          hx-get="./api/users/admin"
           hx-target="closest table"
           hx-swap="outerHTML" 
           hx-sync="this:replace"
@@ -26,7 +26,7 @@
           <a 
             aria-label="View domains" 
             data-tooltip="View domains" 
-            hx-get="/api/domains/admin"
+            hx-get="./api/domains/admin"
             hx-target="closest table"
             hx-swap="outerHTML" 
             hx-sync="this:replace"
@@ -40,7 +40,7 @@
         <a 
           aria-label="View system domains" 
           data-tooltip="View system domains" 
-          hx-get="/api/domains/admin"
+          hx-get="./api/domains/admin"
           hx-target="closest table"
           hx-swap="outerHTML" 
           hx-sync="this:replace"
@@ -72,7 +72,7 @@
       <a
         data-tooltip="View links"
         aria-label="View links"
-        hx-get="/api/links/admin"
+        hx-get="./api/links/admin"
         hx-target="closest table"
         hx-swap="outerHTML" 
         hx-sync="this:replace"
diff --git a/server/views/partials/admin/links/actions.hbs b/server/views/partials/admin/links/actions.hbs
index 4404b38e8..60686f4fc 100644
--- a/server/views/partials/admin/links/actions.hbs
+++ b/server/views/partials/admin/links/actions.hbs
@@ -11,7 +11,7 @@
   {{/if}}
   <a
     class="button action stats"
-    href="/stats?id={{id}}"
+    href="./stats?id={{id}}"
     title="Stats"
     class="action stats"
   >
@@ -28,7 +28,7 @@
     class="action edit"
     hx-trigger="click queue:none"
     hx-ext="path-params"
-    hx-get="/admin/link/edit/{id}" 
+    hx-get="./admin/link/edit/{id}" 
     hx-vals='{"id":"{{id}}"}'
     hx-swap="beforeend"
     hx-target="next tr.edit"
@@ -50,7 +50,7 @@
     <button 
       class="action ban" 
       hx-on:click='openDialog("admin-table-dialog")' 
-      hx-get="/confirm-link-ban" 
+      hx-get="./confirm-link-ban" 
       hx-target="#admin-table-dialog .content-wrapper" 
       hx-indicator="#admin-table-dialog" 
       hx-vals='{"id":"{{id}}"}'
@@ -61,7 +61,7 @@
   <button 
     class="action delete" 
     hx-on:click='openDialog("admin-table-dialog")' 
-    hx-get="/confirm-link-delete" 
+    hx-get="./confirm-link-delete" 
     hx-target="#admin-table-dialog .content-wrapper" 
     hx-indicator="#admin-table-dialog" 
     hx-vals='{"id":"{{id}}"}'
diff --git a/server/views/partials/admin/links/edit.hbs b/server/views/partials/admin/links/edit.hbs
index 24198d6ee..dd037a7a6 100644
--- a/server/views/partials/admin/links/edit.hbs
+++ b/server/views/partials/admin/links/edit.hbs
@@ -2,7 +2,7 @@
   {{#if id}}
     <form 
       id="edit-form-{{id}}"
-      hx-patch="/api/links/admin/{id}"
+      hx-patch="./api/links/admin/{id}"
       hx-ext="path-params"
       hx-vals='{"id":"{{id}}"}' 
       hx-select="form"
diff --git a/server/views/partials/admin/links/table.hbs b/server/views/partials/admin/links/table.hbs
index 0538e19d2..5c6982da0 100644
--- a/server/views/partials/admin/links/table.hbs
+++ b/server/views/partials/admin/links/table.hbs
@@ -1,5 +1,5 @@
 <table 
-  hx-get="/api/links/admin"
+  hx-get="./api/links/admin"
   hx-target="tbody"
   hx-swap="outerHTML" 
   hx-select="tbody"
diff --git a/server/views/partials/admin/links/tr.hbs b/server/views/partials/admin/links/tr.hbs
index 63c67eed7..566e24b4c 100644
--- a/server/views/partials/admin/links/tr.hbs
+++ b/server/views/partials/admin/links/tr.hbs
@@ -9,7 +9,7 @@
         <a 
           aria-label="View user" 
           data-tooltip="View user" 
-          hx-get="/api/users/admin"
+          hx-get="./api/users/admin"
           hx-target="closest table"
           hx-swap="outerHTML" 
           hx-sync="this:replace"
@@ -25,7 +25,7 @@
           <a 
             aria-label="View links by this user" 
             data-tooltip="View links by this user" 
-            hx-get="/api/links/admin"
+            hx-get="./api/links/admin"
             hx-target="closest table"
             hx-swap="outerHTML" 
             hx-sync="this:replace"
@@ -39,7 +39,7 @@
         <a 
           aria-label="View anonymous links" 
           data-tooltip="View anonymous links" 
-          hx-get="/api/links/admin"
+          hx-get="./api/links/admin"
           hx-target="closest table"
           hx-swap="outerHTML" 
           hx-sync="this:replace"
@@ -78,7 +78,7 @@
       <a 
         aria-label="View links by this domain" 
         data-tooltip="View links by this domain" 
-        hx-get="/api/links/admin"
+        hx-get="./api/links/admin"
         hx-target="closest table"
         hx-swap="outerHTML" 
         hx-sync="this:replace"
diff --git a/server/views/partials/admin/table_tab.hbs b/server/views/partials/admin/table_tab.hbs
index 607f9e58e..d3914b416 100644
--- a/server/views/partials/admin/table_tab.hbs
+++ b/server/views/partials/admin/table_tab.hbs
@@ -9,7 +9,7 @@
       <a 
         id="tab-links" 
         role="tab" 
-        hx-get="/api/links/admin"
+        hx-get="./api/links/admin"
         hx-target="closest table"
         hx-swap="outerHTML" 
         hx-disinherit="*"
@@ -26,7 +26,7 @@
       <a 
         id="tab-users" 
         role="tab" 
-        hx-get="/api/users/admin"
+        hx-get="./api/users/admin"
         hx-target="closest table"
         hx-swap="outerHTML" 
         hx-disinherit="*"
@@ -43,7 +43,7 @@
        <a 
         id="tab-domains" 
         role="tab" 
-        hx-get="/api/domains/admin"
+        hx-get="./api/domains/admin"
         hx-target="closest table"
         hx-swap="outerHTML" 
         hx-disinherit="*"
diff --git a/server/views/partials/admin/users/actions.hbs b/server/views/partials/admin/users/actions.hbs
index d6bcdacd7..7b935dc77 100644
--- a/server/views/partials/admin/users/actions.hbs
+++ b/server/views/partials/admin/users/actions.hbs
@@ -8,7 +8,7 @@
     <button 
       class="action ban" 
       hx-on:click='openDialog("admin-table-dialog")' 
-      hx-get="/confirm-user-ban" 
+      hx-get="./confirm-user-ban" 
       hx-target="#admin-table-dialog .content-wrapper" 
       hx-indicator="#admin-table-dialog" 
       hx-vals='{"id":"{{id}}"}'
@@ -19,7 +19,7 @@
   <button 
     class="action delete" 
     hx-on:click='openDialog("admin-table-dialog")' 
-    hx-get="/confirm-user-delete" 
+    hx-get="./confirm-user-delete" 
     hx-target="#admin-table-dialog .content-wrapper" 
     hx-indicator="#admin-table-dialog" 
     hx-vals='{"id":"{{id}}"}'
diff --git a/server/views/partials/admin/users/table.hbs b/server/views/partials/admin/users/table.hbs
index 6ee1584b4..7e65a4307 100644
--- a/server/views/partials/admin/users/table.hbs
+++ b/server/views/partials/admin/users/table.hbs
@@ -1,5 +1,5 @@
 <table 
-  hx-get="/api/users/admin"
+  hx-get="./api/users/admin"
   hx-target="tbody"
   hx-swap="outerHTML" 
   hx-select="tbody"
diff --git a/server/views/partials/admin/users/thead.hbs b/server/views/partials/admin/users/thead.hbs
index 330c41dd6..b9f18e5e1 100644
--- a/server/views/partials/admin/users/thead.hbs
+++ b/server/views/partials/admin/users/thead.hbs
@@ -56,7 +56,7 @@
         <button 
           class="table primary"
           hx-on:click='openDialog("admin-table-dialog")' 
-          hx-get="/create-user" 
+          hx-get="./create-user" 
           hx-target="#admin-table-dialog .content-wrapper" 
           hx-indicator="#admin-table-dialog"
         >
diff --git a/server/views/partials/admin/users/tr.hbs b/server/views/partials/admin/users/tr.hbs
index 1019984ad..6a3937914 100644
--- a/server/views/partials/admin/users/tr.hbs
+++ b/server/views/partials/admin/users/tr.hbs
@@ -9,7 +9,7 @@
         <a
           aria-label="View domains" 
           data-tooltip="View domains" 
-          hx-get="/api/domains/admin"
+          hx-get="./api/domains/admin"
           hx-target="closest table"
           hx-swap="outerHTML" 
           hx-sync="this:replace"
@@ -48,7 +48,7 @@
       <a
         data-tooltip="View links"
         aria-label="View links"
-        hx-get="/api/links/admin"
+        hx-get="./api/links/admin"
         hx-target="closest table"
         hx-swap="outerHTML" 
         hx-sync="this:replace"
diff --git a/server/views/partials/auth/form.hbs b/server/views/partials/auth/form.hbs
index baf0f90bf..be0203700 100644
--- a/server/views/partials/auth/form.hbs
+++ b/server/views/partials/auth/form.hbs
@@ -1,4 +1,4 @@
-<form id="login-signup" hx-post="/api/auth/login" hx-swap="outerHTML">
+<form id="login-signup" hx-post="./api/auth/login" hx-swap="outerHTML">
   <label class="{{#if errors.email}}error{{/if}}">
     Email address:
     <input
@@ -36,7 +36,7 @@
         <button 
           type="button"
           class="secondary signup" 
-          hx-post="/api/auth/signup" 
+          hx-post="./api/auth/signup" 
           hx-target="#login-signup" 
           hx-trigger="click" 
           hx-indicator="#login-signup" 
@@ -53,7 +53,7 @@
     {{/unless}}
   </div>
   {{#if mail_enabled}}
-    <a class="forgot-password" href="/reset-password" title="Reset password">Forgot your password?</a>
+    <a class="forgot-password" href="./reset-password" title="Reset password">Forgot your password?</a>
   {{/if}}
   {{#unless errors}}
     {{#if error}}
diff --git a/server/views/partials/auth/form_admin.hbs b/server/views/partials/auth/form_admin.hbs
index c63ed79be..e2fdb4f29 100644
--- a/server/views/partials/auth/form_admin.hbs
+++ b/server/views/partials/auth/form_admin.hbs
@@ -1,4 +1,4 @@
-<form id="login-signup" hx-post="/api/auth/create-admin" hx-swap="outerHTML">
+<form id="login-signup" hx-post="./api/auth/create-admin" hx-swap="outerHTML">
   <h2 class="admin-form-title">
     Create an Admin account first:
   </h2>
diff --git a/server/views/partials/auth/welcome.hbs b/server/views/partials/auth/welcome.hbs
index 5c9600bee..38700fb10 100644
--- a/server/views/partials/auth/welcome.hbs
+++ b/server/views/partials/auth/welcome.hbs
@@ -1,4 +1,4 @@
-<div class="login-signup-message" hx-get="/" hx-trigger="load delay:1s" hx-target="body" hx-push-url="/">
+<div class="login-signup-message" hx-get="./" hx-trigger="load delay:1s" hx-target="body" hx-push-url="./">
   <h1>
     Welcome. Redirecting to homepage...
   </h1>
diff --git a/server/views/partials/footer.hbs b/server/views/partials/footer.hbs
index adc6fc48a..e64dc12bc 100644
--- a/server/views/partials/footer.hbs
+++ b/server/views/partials/footer.hbs
@@ -1,14 +1,14 @@
 <footer>
   <p>
     Powered by <a href="https://github.com/thedevs-network/kutt" title="The Devs" target="_blank" rel="noopener noreferrer">Kutt</a> <span>|</span> 
-    <a href="/terms" title="Terms of Service">Terms of Service</a>
+    <a href="./terms" title="Terms of Service">Terms of Service</a>
     {{#if report_email}} 
      <span>|</span>
-     <a href="/report" title="Report abuse">Report Abuse</a>
+     <a href="./report" title="Report abuse">Report Abuse</a>
     {{/if}}
     {{#if contact_email}}
       <span>|</span> 
-      <button class="link" hx-get="/get-support-email" hx-swap="outerHTML">
+      <button class="link" hx-get="./get-support-email" hx-swap="outerHTML">
         <span>{{> icons/spinner}}</span>
         Contact us
       </button>
diff --git a/server/views/partials/header.hbs b/server/views/partials/header.hbs
index e032a42bd..4fa4f6f5a 100644
--- a/server/views/partials/header.hbs
+++ b/server/views/partials/header.hbs
@@ -1,7 +1,7 @@
 <header>
   <div class="logo-wrapper">
-    <a class="logo nav" href="/" title="Homepage">
-      <img src="/images/logo.png" alt="kutt" width="18" height="24" />
+    <a class="logo nav" href="./" title="Homepage">
+      <img src="./images/logo.png" alt="kutt" width="18" height="24" />
       {{site_name}}
     </a>
     <ul class="logo-links">
@@ -12,7 +12,7 @@
       </li>
       {{#if report_email}}
         <li>
-          <a class="nav" href="/report" title="Report abuse">
+          <a class="nav" href="./report" title="Report abuse">
             Report
           </a>
         </li>
@@ -23,28 +23,28 @@
     <ul>
       {{#unless user}}
         <li>
-          <a class="button primary" href="/login" title="Log in or sign up">
+          <a class="button primary" href="./login" title="Log in or sign up">
             Log in / Sign up
           </a>
         </li>
       {{/unless}}
       {{#if user}}
         <li>
-          <a class="button primary" href="/settings" title="Settings">
+          <a class="button primary" href="./settings" title="Settings">
             <span>{{> icons/cog}}</span>
             Settings
           </a>
         </li>
         {{#if isAdmin}}
           <li>
-            <a class="button secondary" href="/admin" title="Admin">
+            <a class="button secondary" href="./admin" title="Admin">
               <span>{{> icons/shield}}</span>
               Admin
             </a>
           </li>
         {{/if}}
         <li>
-          <a class="nav" href="/logout" title="Log out">
+          <a class="nav" href="./logout" title="Log out">
             Log out
           </a>
         </li>
diff --git a/server/views/partials/links/actions.hbs b/server/views/partials/links/actions.hbs
index 6599630e0..0ec041f1a 100644
--- a/server/views/partials/links/actions.hbs
+++ b/server/views/partials/links/actions.hbs
@@ -11,7 +11,7 @@
   {{/if}}
   <a
     class="button action stats"
-    href="/stats?id={{id}}"
+    href="./stats?id={{id}}"
     title="Stats"
     class="action stats"
   >
@@ -28,7 +28,7 @@
     class="action edit"
     hx-trigger="click queue:none"
     hx-ext="path-params"
-    hx-get="/link/edit/{id}" 
+    hx-get="./link/edit/{id}" 
     hx-vals='{"id":"{{id}}"}'
     hx-swap="beforeend"
     hx-target="next tr.edit"
@@ -49,7 +49,7 @@
   <button 
     class="action delete" 
     hx-on:click='openDialog("link-dialog")' 
-    hx-get="/confirm-link-delete" 
+    hx-get="./confirm-link-delete" 
     hx-target="#link-dialog .content-wrapper" 
     hx-indicator="#link-dialog" 
     hx-vals='{"id":"{{id}}"}'
diff --git a/server/views/partials/links/dialog/ban.hbs b/server/views/partials/links/dialog/ban.hbs
index 5fb5881b5..d07b04f98 100644
--- a/server/views/partials/links/dialog/ban.hbs
+++ b/server/views/partials/links/dialog/ban.hbs
@@ -26,7 +26,7 @@
     <button 
       type="button"
       class="danger confirm" 
-      hx-post="/api/links/admin/ban/{id}" 
+      hx-post="./api/links/admin/ban/{id}" 
       hx-ext="path-params" 
       hx-vals='{"id":"{{id}}"}' 
       hx-target="closest .content" 
diff --git a/server/views/partials/links/dialog/delete.hbs b/server/views/partials/links/dialog/delete.hbs
index 96e05cbdc..964c32e10 100644
--- a/server/views/partials/links/dialog/delete.hbs
+++ b/server/views/partials/links/dialog/delete.hbs
@@ -8,7 +8,7 @@
     <button 
       type="button"
       class="danger confirm" 
-      hx-delete="/api/links/{id}" 
+      hx-delete="./api/links/{id}" 
       hx-ext="path-params" 
       hx-vals='{"id":"{{id}}"}' 
       hx-target="closest .content" 
diff --git a/server/views/partials/links/edit.hbs b/server/views/partials/links/edit.hbs
index 5529c7405..f13008c7e 100644
--- a/server/views/partials/links/edit.hbs
+++ b/server/views/partials/links/edit.hbs
@@ -2,7 +2,7 @@
   {{#if id}}
     <form 
       id="edit-form-{{id}}"
-      hx-patch="/api/links/{id}"
+      hx-patch="./api/links/{id}"
       hx-ext="path-params"
       hx-vals='{"id":"{{id}}"}' 
       hx-select="form"
diff --git a/server/views/partials/links/table.hbs b/server/views/partials/links/table.hbs
index f7c4201ba..17b4aa473 100644
--- a/server/views/partials/links/table.hbs
+++ b/server/views/partials/links/table.hbs
@@ -1,7 +1,7 @@
 <section id="main-table-wrapper">
   <h2>Recent shortened links.</h2>
   <table 
-    hx-get="/api/links"
+    hx-get="./api/links"
     hx-target="tbody"
     hx-swap="outerHTML" 
     hx-select="tbody"
diff --git a/server/views/partials/protected/form.hbs b/server/views/partials/protected/form.hbs
index af28f5b01..043da573a 100644
--- a/server/views/partials/protected/form.hbs
+++ b/server/views/partials/protected/form.hbs
@@ -1,6 +1,6 @@
 <form
   id="report-form"
-  hx-post="/api/links/{id}/protected"
+  hx-post="{{base_path}}/api/links/{id}/protected"
   hx-sync="this:abort"
   hx-ext="path-params"
   hx-vals='{"id":"{{id}}"}'
diff --git a/server/views/partials/report/email.hbs b/server/views/partials/report/email.hbs
index 751bdb868..fb66f143c 100644
--- a/server/views/partials/report/email.hbs
+++ b/server/views/partials/report/email.hbs
@@ -2,7 +2,7 @@
   {{#unless report_email_address}}
     <button 
       class="link"
-      hx-get="/get-report-email"
+      hx-get="./get-report-email"
       hx-sync="this:abort"
       hx-swap="innerHTML"
       hx-target="#report-email"
diff --git a/server/views/partials/report/form.hbs b/server/views/partials/report/form.hbs
index f1f7ffc0b..c221a566b 100644
--- a/server/views/partials/report/form.hbs
+++ b/server/views/partials/report/form.hbs
@@ -1,6 +1,6 @@
 <form
   id="report-form"
-  hx-post="/api/links/report"
+  hx-post="./api/links/report"
   hx-sync="this:abort"
   hx-swap="outerHTML"
 > 
diff --git a/server/views/partials/reset_password/new_password_form.hbs b/server/views/partials/reset_password/new_password_form.hbs
index 3f4e9a466..4d10619c5 100644
--- a/server/views/partials/reset_password/new_password_form.hbs
+++ b/server/views/partials/reset_password/new_password_form.hbs
@@ -1,7 +1,7 @@
 <form
     id="new-password-form"
     class="htmx-spinner"
-    hx-post="/api/auth/new-password"
+    hx-post="./api/auth/new-password"
     hx-vals='{"reset_password_token":"{{reset_password_token}}"}'
     hx-sync="this:abort"
     hx-swap="outerHTML"
diff --git a/server/views/partials/reset_password/new_password_success.hbs b/server/views/partials/reset_password/new_password_success.hbs
index cbdc56411..3edc4d560 100644
--- a/server/views/partials/reset_password/new_password_success.hbs
+++ b/server/views/partials/reset_password/new_password_success.hbs
@@ -2,4 +2,4 @@
   Your password is updated successfully. 
   You can now log in with your new password.
 </p>
-<a href="/login" title="Log in">Log in →</a>
\ No newline at end of file
+<a href="./login" title="Log in">Log in →</a>
\ No newline at end of file
diff --git a/server/views/partials/reset_password/request_form.hbs b/server/views/partials/reset_password/request_form.hbs
index cac62f3c6..6568e6c48 100644
--- a/server/views/partials/reset_password/request_form.hbs
+++ b/server/views/partials/reset_password/request_form.hbs
@@ -1,7 +1,7 @@
 <form
   id="reset-password-form"
   class="htmx-spinner"
-  hx-post="/api/auth/reset-password"
+  hx-post="./api/auth/reset-password"
   hx-sync="this:abort"
   hx-swap="outerHTML"
 > 
diff --git a/server/views/partials/settings/apikey.hbs b/server/views/partials/settings/apikey.hbs
index 765837b99..6e10884e1 100644
--- a/server/views/partials/settings/apikey.hbs
+++ b/server/views/partials/settings/apikey.hbs
@@ -33,7 +33,7 @@
     {{/if}}
   </div>
   <form 
-    hx-post="/api/auth/apikey"
+    hx-post="./api/auth/apikey"
     id="generate-apikey" 
     hx-target="#apikey-wrapper" 
     hx-swap="outerHTML"
diff --git a/server/views/partials/settings/change_email.hbs b/server/views/partials/settings/change_email.hbs
index 74944c18e..8a73440f8 100644
--- a/server/views/partials/settings/change_email.hbs
+++ b/server/views/partials/settings/change_email.hbs
@@ -5,14 +5,14 @@
   <p>Enter your password and a new email address to change your email address.</p>
   <form 
     id="change-email"
-    hx-post="/api/auth/change-email"
+    hx-post="./api/auth/change-email"
     hx-select="form"
     hx-swap="outerHTML"
     hx-sync="this:abort"
   >
     <div class="inputs">
       <label class="{{#if errors.password}}error{{/if}}">
-        Passwod:
+        Password:
         <input 
           id="password-for-change-email" 
           name="password" 
diff --git a/server/views/partials/settings/change_password.hbs b/server/views/partials/settings/change_password.hbs
index cc74a2ccc..0acf364f4 100644
--- a/server/views/partials/settings/change_password.hbs
+++ b/server/views/partials/settings/change_password.hbs
@@ -5,7 +5,7 @@
   <p>Enter your current password and a new password to change it to.</p>
   <form 
     id="change-password"
-    hx-post="/api/auth/change-password"
+    hx-post="./api/auth/change-password"
     hx-select="form"
     hx-swap="outerHTML"
     hx-sync="this:abort"
diff --git a/server/views/partials/settings/delete_account.hbs b/server/views/partials/settings/delete_account.hbs
index b2250ad47..7ece8390f 100644
--- a/server/views/partials/settings/delete_account.hbs
+++ b/server/views/partials/settings/delete_account.hbs
@@ -5,7 +5,7 @@
   <p>Delete your account from {{default_domain}}.</p>
   <form 
     id="delete-account"
-    hx-post="/api/users/delete"
+    hx-post="./api/users/delete"
     hx-select="form"
     hx-target="this"
     hx-swap="outerHTML"
diff --git a/server/views/partials/settings/domain/add_form.hbs b/server/views/partials/settings/domain/add_form.hbs
index 8de1d8bf5..7191614ee 100644
--- a/server/views/partials/settings/domain/add_form.hbs
+++ b/server/views/partials/settings/domain/add_form.hbs
@@ -1,6 +1,6 @@
 <form 
   id="add-domain"
-  hx-post="/api/domains"
+  hx-post="./api/domains"
   hx-sync="this:abort"
   hx-swap="outerHTML"
   hx-on::after-request="
diff --git a/server/views/partials/settings/domain/delete.hbs b/server/views/partials/settings/domain/delete.hbs
index 833f156f9..2f025854a 100644
--- a/server/views/partials/settings/domain/delete.hbs
+++ b/server/views/partials/settings/domain/delete.hbs
@@ -8,7 +8,7 @@
     <button 
       type="button"
       class="danger confirm" 
-      hx-delete="/api/domains/{id}" 
+      hx-delete="./api/domains/{id}" 
       hx-ext="path-params" 
       hx-vals='{"id":"{{id}}"}' 
       hx-target="closest .content" 
diff --git a/server/views/partials/settings/domain/index.hbs b/server/views/partials/settings/domain/index.hbs
index 92607a53a..a96442383 100644
--- a/server/views/partials/settings/domain/index.hbs
+++ b/server/views/partials/settings/domain/index.hbs
@@ -37,7 +37,7 @@
     type="button"
     class="secondary show-domain-form"
     hx-indicator=".add-domain-wrapper"
-    hx-get="/add-domain-form"
+    hx-get="./add-domain-form"
     hx-target="#domain-form-wrapper"
     hx-swap="innerHTML"
     hx-on::after-request="event.srcElement.classList.add('hidden')"
diff --git a/server/views/partials/settings/domain/table.hbs b/server/views/partials/settings/domain/table.hbs
index b8b046085..6f77c1b11 100644
--- a/server/views/partials/settings/domain/table.hbs
+++ b/server/views/partials/settings/domain/table.hbs
@@ -21,7 +21,7 @@
               type="button"
               class="action delete" 
               hx-on:click='openDialog("domain-dialog")' 
-              hx-get="/confirm-domain-delete" 
+              hx-get="./confirm-domain-delete" 
               hx-target="#domain-dialog .content-wrapper" 
               hx-indicator="#domain-dialog" 
               hx-vals='{"id":"{{id}}"}'
diff --git a/server/views/partials/shortener.hbs b/server/views/partials/shortener.hbs
index c9e5ecfb5..0781c616f 100644
--- a/server/views/partials/shortener.hbs
+++ b/server/views/partials/shortener.hbs
@@ -26,7 +26,7 @@
   </div>
   <form 
     id="shortener-form" 
-    hx-post="/api/links" 
+    hx-post="./api/links" 
     hx-trigger="submit queue:none" 
     hx-target="closest main" 
     hx-swap="outerHTML" 
diff --git a/server/views/partials/stats.hbs b/server/views/partials/stats.hbs
index f525b4cd8..7cbfffe4d 100644
--- a/server/views/partials/stats.hbs
+++ b/server/views/partials/stats.hbs
@@ -2,7 +2,7 @@
   <div class="stats-error">
     <p>{{> icons/x}} {{error}}</p>
     <div class="stats-back-to-home">
-      <a class="back-to-home" href="/">
+      <a class="back-to-home" href="./">
         ← Back to homepage
       </a>
     </div>
@@ -93,7 +93,7 @@
   </main>
 
   <div class="stats-back-to-home">
-    <a class="back-to-home" href="/">
+    <a class="back-to-home" href="./">
       ← Back to homepage
     </a>
   </div>
diff --git a/server/views/reset_password_set_new_password.hbs b/server/views/reset_password_set_new_password.hbs
index cd31bc00f..24601fe1d 100644
--- a/server/views/reset_password_set_new_password.hbs
+++ b/server/views/reset_password_set_new_password.hbs
@@ -14,7 +14,7 @@
       {{> icons/x}}
       Password token is invalid. Please try again.
     </h2>
-    <a href="/reset-password" title="Reset password">Reset password →</a>
+    <a href="./reset-password" title="Reset password">Reset password →</a>
   {{/if}}
 </section>
 {{> footer}}
\ No newline at end of file
diff --git a/server/views/stats.hbs b/server/views/stats.hbs
index 00dba354d..0c4fecfd7 100644
--- a/server/views/stats.hbs
+++ b/server/views/stats.hbs
@@ -2,7 +2,7 @@
 <section
   id="stats-section"
   class="section-container"
-  hx-get="/api/links/{id}/stats"
+  hx-get="./api/links/{id}/stats"
   hx-swap="innerHTML"
   hx-trigger="load once"
   hx-vals='js:{ id: getQueryParams().id || "" }' 
@@ -20,6 +20,6 @@
 </section>
 {{> footer}}
 {{#extend "scripts"}}
-  <script src="/libs/chart.min.js"></script>
-  <script src="/scripts/stats.js"></script>
+  <script src="./libs/chart.min.js"></script>
+  <script src="./scripts/stats.js"></script>
 {{/extend}}
\ No newline at end of file
diff --git a/server/views/verify.hbs b/server/views/verify.hbs
index 3581f90c4..753db53e1 100644
--- a/server/views/verify.hbs
+++ b/server/views/verify.hbs
@@ -1,7 +1,7 @@
 {{> header}}
 <section id="verify" class="section-container verify-page">
   {{#if token_verified}}
-    <h2 hx-get="/" hx-trigger="load delay:1s" hx-target="body" hx-push-url="/">
+    <h2 hx-get="./" hx-trigger="load delay:1s" hx-target="body" hx-push-url="./">
       Your account has been verified. Redirecting to homepage...
     </h2>
   {{else}}
@@ -9,7 +9,7 @@
       {{> icons/x}}
       Invalid verification. Please try again.
     </h2>
-    <a href="/login" title="Log in or sign up">Log in / sign up →</a>
+    <a href="./login" title="Log in or sign up">Log in / sign up →</a>
   {{/if}}
 </section>
 {{> footer}}
\ No newline at end of file
diff --git a/server/views/verify_change_email.hbs b/server/views/verify_change_email.hbs
index 24b011caa..188859d70 100644
--- a/server/views/verify_change_email.hbs
+++ b/server/views/verify_change_email.hbs
@@ -1,7 +1,7 @@
 {{> header}}
 <section id="verify-change-email" class="section-container verify-page">
   {{#if token_verified}}
-    <h2 hx-get="/" hx-trigger="load delay:1s" hx-target="body" hx-push-url="/">
+    <h2 hx-get="./" hx-trigger="load delay:1s" hx-target="body" hx-push-url="./">
       Email address is verified. Redirecting to homepage...
     </h2>
   {{else}}
@@ -10,9 +10,9 @@
       Couldn't verify the email address. Please try again.
     </h2>
     {{#if user}}
-      <a href="/settings" title="Settings">Settings →</a>
+      <a href="./settings" title="Settings">Settings →</a>
     {{else}}
-      <a href="/login" title="Log in or sign up">Log in / sign up →</a>
+      <a href="./login" title="Log in or sign up">Log in / sign up →</a>
     {{/if}}
   {{/if}}
 </section>
diff --git a/static/css/styles.css b/static/css/styles.css
index 2bd96ef4f..b5d721dda 100644
--- a/static/css/styles.css
+++ b/static/css/styles.css
@@ -2,7 +2,7 @@
   font-family: 'Nunito';
   font-style: normal;
   font-weight: 200 1000;
-  src: url(/fonts/nunito-variable.woff2) format('woff2');
+  src: url(../fonts/nunito-variable.woff2) format('woff2');
 }
 
 :root {

From ef72649671c7ddf5c9f86c376af13005fca7b3f6 Mon Sep 17 00:00:00 2001
From: Orion Wilkinson-Johnson <orion.wilkinson-johnson@singlewire.com>
Date: Thu, 1 May 2025 14:38:52 -0500
Subject: [PATCH 2/2] Implement SHORT_URLS_INCLUDE_PATH environment variable;
 update readme and example env

---
 .example.env          |  6 ++++++
 README.md             |  2 ++
 server/env.js         |  1 +
 server/server.js      |  4 ++--
 server/utils/utils.js | 13 ++++++++++++-
 5 files changed, 23 insertions(+), 3 deletions(-)

diff --git a/.example.env b/.example.env
index 6e9c4d3b1..7e2b57a07 100644
--- a/.example.env
+++ b/.example.env
@@ -7,6 +7,12 @@ SITE_NAME=Kutt
 # Optional - The domain that this website is on
 DEFAULT_DOMAIN=localhost:3000
 
+# Optional - The path the service will run on (ex: localhost:3000/url-shortener)
+BASE_PATH=
+
+# Optional - Whether the shortened links will use the base path (default false)
+SHORT_URLS_INCLUDE_PATH=false
+
 # Required - A passphrase to encrypt JWT. Use a random long string
 JWT_SECRET=
 
diff --git a/README.md b/README.md
index 6ad07f955..16aed769a 100644
--- a/README.md
+++ b/README.md
@@ -96,6 +96,8 @@ You can use files for each of the variables by appending `_FILE` to the name of
 | `PORT` |  The port to start the app on | `3000` | `8888` |
 | `SITE_NAME` |  Name of the website | `Kutt` | `Your Site` |
 | `DEFAULT_DOMAIN` |  The domain address that this app runs on | `localhost:3000` | `yoursite.com` |
+| `BASE_PATH` | The path the service will run on | `/` | `/url-shortener` |
+| `SHORT_URLS_INCLUDE_PATH` | Whether the shortened links will use the base path. If this value is false and BASE_PATH is specified, your proxy will need to route to the BASE_PATH of the service. | `false` | `true` |
 | `LINK_LENGTH` | The length of of shortened address | `6` | `5` |
 | `LINK_CUSTOM_ALPHABET` | Alphabet used to generate custom addresses. Default value omits o, O, 0, i, I, l, 1, and j to avoid confusion when reading the URL. | (abcd..789) | `abcABC^&*()@` |
 | `DISALLOW_REGISTRATION` | Disable registration. Note that if `MAIL_ENABLED` is set to false, then the registration would still be disabled since it relies on emails to sign up users. | `true` | `false` |
diff --git a/server/env.js b/server/env.js
index b66ac3cde..fb2e96e84 100644
--- a/server/env.js
+++ b/server/env.js
@@ -66,6 +66,7 @@ const spec = {
   CONTACT_EMAIL: str({ default: "" }),
   NODE_APP_INSTANCE: num({ default: 0 }),
   BASE_PATH: str({ default: "" }),
+  SHORT_URLS_INCLUDE_PATH: bool({ default: false }),
 };
 
 for (const key in spec) {
diff --git a/server/server.js b/server/server.js
index 38a58c3d6..f0c95add9 100644
--- a/server/server.js
+++ b/server/server.js
@@ -72,8 +72,8 @@ router.use("/", routes.render);
 router.use("/api/v2", routes.api);
 router.use("/api", routes.api);
 
-// redirect the short link to the target
-router.get("/:id", asyncHandler(links.redirect));
+// redirect the short link to the target (using BASE_PATH if specified)
+(env.SHORT_URLS_INCLUDE_PATH ? router : app).get("/:id", asyncHandler(links.redirect));
 
 // finally, 404 pages that don't exist
 router.get("*", renders.notFound);
diff --git a/server/utils/utils.js b/server/utils/utils.js
index c7052af88..f95465931 100644
--- a/server/utils/utils.js
+++ b/server/utils/utils.js
@@ -74,7 +74,18 @@ function addProtocol(url) {
 
 function getShortURL(address, domain) {
   const protocol = (env.CUSTOM_DOMAIN_USE_HTTPS || !domain) && !env.isDev ? "https://" : "http://";
-  const link = `${domain || env.DEFAULT_DOMAIN}${!!env.DEFAULT_DOMAIN ? env.BASE_PATH : ''}/${address}`;
+  const linkDomain = domain || env.DEFAULT_DOMAIN;
+  let path = '';
+
+  if (env.BASE_PATH) {
+    if (linkDomain === env.DEFAULT_DOMAIN) {
+      path = env.BASE_PATH;
+    } else if (env.SHORT_URLS_INCLUDE_PATH) {
+      path = env.BASE_PATH;
+    }
+  }
+
+  const link = `${linkDomain}${path}/${address}`;
   const url = `${protocol}${link}`;
   return { address, link, url };
 }