feat: complete nginx migration from caddy

- Replace Caddy reverse proxy with Nginx (nginx:alpine) - Add nginx.conf with HTTP/HTTPS, gzip, and proxy settings - Add nginx-custom-domains.conf template for custom domains - Update docker-compose.yml to use Nginx service - Add ProxyFix middleware to Flask app for proper header handling - Create nginx_config_reader.py utility to read Nginx configuration - Update admin blueprint to display Nginx status in https_config page - Add Nginx configuration display to https_config.html template - Generate self-signed SSL certificates for localhost - Add utility scripts: generate_nginx_certs.sh - Add documentation: NGINX_SETUP_QUICK.md, PROXY_FIX_SETUP.md - All containers now running, HTTPS working, HTTP redirects to HTTPS - Session cookies marked as Secure - Security headers properly configured
2026-01-15 22:15:11 +02:00
parent 2ea24a98cd
commit 21eb63659a
11 changed files with 587 additions and 10 deletions
--- a/app/config.py
+++ b/app/config.py
@@ -29,6 +29,11 @@ class Config:
    SESSION_COOKIE_HTTPONLY = True
    SESSION_COOKIE_SAMESITE = 'Lax'
    
+    # Reverse proxy trust (for Nginx/Caddy with ProxyFix middleware)
+    # These are set by werkzeug.middleware.proxy_fix
+    TRUSTED_PROXIES = os.getenv('TRUSTED_PROXIES', '127.0.0.1,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16')
+    PREFERRED_URL_SCHEME = os.getenv('PREFERRED_URL_SCHEME', 'https')
+    
    # Cache
    SEND_FILE_MAX_AGE_DEFAULT = 300  # 5 minutes for static files