diff --git a/.github/workflows/frontend-gh-pages.yml b/.github/workflows/frontend-gh-pages.yml
index ee170446..5e61a99f 100644
--- a/.github/workflows/frontend-gh-pages.yml
+++ b/.github/workflows/frontend-gh-pages.yml
@@ -42,7 +42,7 @@ jobs:
         run: |
           touch .env
           echo VITE_APP_API_URL=${{ secrets.VITE_APP_API_URL }} >> .env
-          echo VITE_APP_URL=${{ secrets.VITE_APP_URL }} >> .env
+          echo VITE_APP_FULL_URL=${{ secrets.VITE_APP_FULL_URL }} >> .env
           echo VITE_OAUTH2_REDIRECT_URL=${{ secrets.VITE_OAUTH2_REDIRECT_URL }} >> .env
           echo VITE_APP_BASE=${{ secrets.VITE_APP_BASE }} >> .env
           cp .env ../.env
diff --git a/app/env.template b/app/env.template
index 95a3117f..745a163e 100644
--- a/app/env.template
+++ b/app/env.template
@@ -18,14 +18,23 @@ VITE_APP_NAME=subsetter
 VITE_APP_ORIGIN=https://localhost
 
 # for nested static deployment, set VITE_APP_BASE=/domain-subsetter/
-# VITE_APP_BASE=/domain-subsetter/
+VITE_APP_BASE=/
+
+# VITE_APP_FULL_URL=${VITE_APP_ORIGIN}${VITE_APP_BASE}
+VITE_APP_FULL_URL=https://localhost/
 
-VITE_APP_URL=${VITE_APP_ORIGIN}${VITE_APP_BASE}
 VITE_APP_API_HOST=localhost
-VITE_APP_API_URL=https://${VITE_APP_API_HOST}/api
 
-ALLOW_ORIGINS=${VITE_APP_ORIGIN}
-OAUTH2_REDIRECT_URL=${VITE_APP_API_URL}/auth/cuahsi/callback
+# VITE_APP_API_URL=https://${VITE_APP_API_HOST}/api
+VITE_APP_API_URL=https://localhost/api
+
+# ALLOW_ORIGINS=${VITE_APP_ORIGIN}
+ALLOW_ORIGINS=https://localhost
+
+# OAUTH2_REDIRECT_URL=${VITE_APP_API_URL}/auth/cuahsi/callback
+OAUTH2_REDIRECT_URL=https://localhost/api/auth/cuahsi/callback
+
+# VITE_OAUTH2_REDIRECT_URL="${VITE_APP_FULL_URL}#/auth-redirect"
+VITE_OAUTH2_REDIRECT_URL="http://localhost/#/auth-redirect"
 
-VITE_OAUTH2_REDIRECT_URL="${VITE_APP_URL}#/auth-redirect"
 OIDC_BASE_URL=https://auth.cuahsi.io/realms/CUAHSI/protocol/openid-connect/
\ No newline at end of file
diff --git a/app/frontend/src/auth.js b/app/frontend/src/auth.js
index 4a765cf9..cd8f8b18 100644
--- a/app/frontend/src/auth.js
+++ b/app/frontend/src/auth.js
@@ -12,7 +12,7 @@ export async function logIn(callback) {
   const authUrl = new URL(json.authorization_url)
   // TODO: use an env var for auth redirect instead of hard-coding
   // "#" hash routing was not passed from github env secret so had to hard code here.
-  authUrl.searchParams.set('redirect_uri', `${APP_URL}/#/auth-redirect`)
+  authUrl.searchParams.set('redirect_uri', `${APP_URL}#/auth-redirect`)
   window.open(
     authUrl.toString(),
     '_blank',
diff --git a/app/frontend/src/constants.js b/app/frontend/src/constants.js
index 83f97108..c5bb16c6 100644
--- a/app/frontend/src/constants.js
+++ b/app/frontend/src/constants.js
@@ -1,5 +1,5 @@
 export const APP_NAME = import.meta.env.VITE_APP_NAME || "";
-export const APP_URL = import.meta.env.VITE_APP_URL || "";
+export const APP_URL = import.meta.env.VITE_APP_FULL_URL || "";
 export const APP_BASE = import.meta.env.VITE_APP_BASE || "";
 
 export const API_BASE = import.meta.env.VITE_APP_API_URL || "";