feat: complete nginx migration from caddy

- Replace Caddy reverse proxy with Nginx (nginx:alpine) - Add nginx.conf with HTTP/HTTPS, gzip, and proxy settings - Add nginx-custom-domains.conf template for custom domains - Update docker-compose.yml to use Nginx service - Add ProxyFix middleware to Flask app for proper header handling - Create nginx_config_reader.py utility to read Nginx configuration - Update admin blueprint to display Nginx status in https_config page - Add Nginx configuration display to https_config.html template - Generate self-signed SSL certificates for localhost - Add utility scripts: generate_nginx_certs.sh - Add documentation: NGINX_SETUP_QUICK.md, PROXY_FIX_SETUP.md - All containers now running, HTTPS working, HTTP redirects to HTTPS - Session cookies marked as Secure - Security headers properly configured
2026-01-15 22:15:11 +02:00
parent 2ea24a98cd
commit 21eb63659a
11 changed files with 587 additions and 10 deletions
--- a/NGINX_SETUP_QUICK.md
+++ b/NGINX_SETUP_QUICK.md
@@ -0,0 +1,84 @@
+# Quick Start: Nginx Setup for DigiServer v2
+
+## Pre-requisites
+- SSL certificates in `./data/nginx-ssl/cert.pem` and `./data/nginx-ssl/key.pem`
+- Docker and Docker Compose installed
+- Port 80 and 443 available
+
+## Quick Setup (3 steps)
+
+### 1. Generate Self-Signed Certificates
+```bash
+./generate_nginx_certs.sh localhost 365
+```
+
+### 2. Update Nginx Configuration
+- Edit `nginx.conf` to set your domain:
+  ```nginx
+  server_name localhost;  # Change to your domain
+  ```
+
+### 3. Start Docker Compose
+```bash
+docker-compose up -d
+```
+
+## Verification
+
+### Check if Nginx is running
+```bash
+docker ps | grep nginx
+```
+
+### Test HTTP → HTTPS redirect
+```bash
+curl -L http://localhost
+```
+
+### Test HTTPS (with self-signed cert)
+```bash
+curl -k https://localhost
+```
+
+### View logs
+```bash
+docker logs digiserver-nginx
+docker exec digiserver-nginx tail -f /var/log/nginx/access.log
+```
+
+## Using Production Certificates
+
+### Option A: Let's Encrypt (Free)
+1. Install certbot: `apt-get install certbot`
+2. Generate cert: `certbot certonly --standalone -d your-domain.com`
+3. Copy cert: `cp /etc/letsencrypt/live/your-domain.com/fullchain.pem ./data/nginx-ssl/cert.pem`
+4. Copy key: `cp /etc/letsencrypt/live/your-domain.com/privkey.pem ./data/nginx-ssl/key.pem`
+5. Fix permissions: `sudo chown 101:101 ./data/nginx-ssl/*`
+6. Reload: `docker exec digiserver-nginx nginx -s reload`
+
+### Option B: Commercial Certificate
+1. Place your certificate files in `./data/nginx-ssl/cert.pem` and `./data/nginx-ssl/key.pem`
+2. Fix permissions: `sudo chown 101:101 ./data/nginx-ssl/*`
+3. Reload: `docker exec digiserver-nginx nginx -s reload`
+
+## Troubleshooting
+
+| Issue | Solution |
+|-------|----------|
+| Port 80/443 in use | `sudo netstat -tlnp \| grep :80` or `:443` |
+| Certificate permission denied | `sudo chown 101:101 ./data/nginx-ssl/*` |
+| Nginx won't start | `docker logs digiserver-nginx` |
+| Connection refused | Check firewall: `sudo ufw allow 80/tcp && sudo ufw allow 443/tcp` |
+
+## File Locations
+- Main config: `./nginx.conf`
+- SSL certs: `./data/nginx-ssl/`
+- Logs: `./data/nginx-logs/`
+- Custom domains: `./nginx-custom-domains.conf` (auto-generated)
+
+## Next: Production Setup
+1. Update `.env` with your DOMAIN and EMAIL
+2. Configure HTTPS settings in admin panel
+3. Run: `python nginx_manager.py generate`
+4. Test: `docker exec digiserver-nginx nginx -t`
+5. Reload: `docker exec digiserver-nginx nginx -s reload`