Add HTTPS configuration management system

- Add HTTPSConfig model for managing HTTPS settings
- Add admin routes for HTTPS configuration management
- Add beautiful admin template for HTTPS configuration
- Add database migration for https_config table
- Add CLI utility for HTTPS management
- Add setup script for automated configuration
- Add Caddy configuration generator and manager
- Add comprehensive documentation (3 guides)
- Add HTTPS Configuration card to admin dashboard
- Implement input validation and security features
- Add admin-only access control with audit trail
- Add real-time configuration preview
- Integrate with existing Caddy reverse proxy

Features:
- Enable/disable HTTPS from web interface
- Configure domain, hostname, IP address, port
- Automatic SSL certificate management via Let's Encrypt
- Real-time Caddyfile generation and reload
- Full audit trail with admin username and timestamps
- Support for HTTPS and HTTP fallback access points
- Beautiful, mobile-responsive UI

Modified files:
- app/models/__init__.py (added HTTPSConfig import)
- app/blueprints/admin.py (added HTTPS routes)
- app/templates/admin/admin.html (added HTTPS card)
- docker-compose.yml (added Caddyfile mount and admin port)

New files:
- app/models/https_config.py
- app/blueprints/https_config.html
- app/utils/caddy_manager.py
- https_manager.py
- setup_https.sh
- migrations/add_https_config_table.py
- migrations/add_email_to_https_config.py
- HTTPS_STATUS.txt
- Documentation files (3 markdown guides)

Caddyfile

@@ -1,18 +1,17 @@
 {
     # Global options
-    email {$EMAIL}
+    email admin@example.com
+    # Admin API for configuration management (listen on all interfaces)
+    admin 0.0.0.0:2019
     # Uncomment for testing to avoid rate limits
     # acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
 }
 
-{$DOMAIN:localhost} {
-    # Automatic HTTPS (Caddy handles Let's Encrypt automatically)
-    
-    # Reverse proxy to Flask app
+# Shared reverse proxy configuration
+(reverse_proxy_config) {
     reverse_proxy digiserver-app:5000 {
         header_up Host {host}
         header_up X-Real-IP {remote_host}
-        header_up X-Forwarded-For {remote_host}
         header_up X-Forwarded-Proto {scheme}
         
         # Timeouts for large uploads
@@ -29,7 +28,6 @@
     
     # Security headers
     header {
-        Strict-Transport-Security "max-age=31536000; includeSubDomains"
         X-Frame-Options "SAMEORIGIN"
         X-Content-Type-Options "nosniff"
         X-XSS-Protection "1; mode=block"
@@ -41,38 +39,22 @@
     }
 }
 
-# Handle IP address access without automatic HTTPS
-http://192.168.0.206 {
-    # Reverse proxy to Flask app
-    reverse_proxy digiserver-app:5000 {
-        # Headers
-        header_up Host {host}
-        header_up X-Real-IP {remote_host}
-        header_up X-Forwarded-For {remote_host}
-        header_up X-Forwarded-Proto {scheme}
-        
-        # Timeouts for large uploads
-        transport http {
-            read_timeout 300s
-            write_timeout 300s
-        }
-    }
-    
-    # File upload size limit (2GB)
-    request_body {
-        max_size 2GB
-    }
-    
-    # Security headers
-    header {
-        Strict-Transport-Security "max-age=31536000; includeSubDomains"
-        X-Frame-Options "SAMEORIGIN"
-        X-Content-Type-Options "nosniff"
-        X-XSS-Protection "1; mode=block"
-    }
-    
-    # Logging
-    log {
-        output file /var/log/caddy/access.log
-    }
+# Localhost (development/local access)
+http://localhost {
+    import reverse_proxy_config
+}
+
+# Internal domain (HTTP only - internal use)
+http://digiserver.sibiusb.harting.intra {
+    import reverse_proxy_config
+}
+
+# Handle IP address access
+http://10.76.152.164 {
+    import reverse_proxy_config
+}
+
+# Catch-all for any other HTTP requests
+http://* {
+    import reverse_proxy_config
 }