How Hardcoded Private IPs Killed Our Production Frontend

A hardcoded private IP buried in the frontend source was silently breaking all external access. Here is the full story. Background We had an internal ERP system (Vite + React frontend, Express backend) that worked perfectly on the LAN. When we tried to expose it externally via a public domain, nothing worked. The Configuration Problem The nginx config for the domain: /api/ -> 127.0.0.1:3210 (backend) OK / -> 127.0.0.1:3101 (frontend) - nothing was running on this port The frontend was actually being served by a Vite dev server on a different machine (LAN-only) The Vite dev server was being used as the production server. The Real Killer: Hardcoded IPs Private IPs were scattered throughout the frontend source: const BASE_URL = ' http://192.168.x.x:8520/api ' ; fetch ( ' http://192.168.x.x:8520/api/sales/report/ledger ' , ...) Browsers on the LAN could reach these IPs directly. External browsers cannot. Even after vite build , these IPs were baked into the bundled JS. Result: Every API ca