Add HTTPS configuration management system

- Add HTTPSConfig model for managing HTTPS settings - Add admin routes for HTTPS configuration management - Add beautiful admin template for HTTPS configuration - Add database migration for https_config table - Add CLI utility for HTTPS management - Add setup script for automated configuration - Add Caddy configuration generator and manager - Add comprehensive documentation (3 guides) - Add HTTPS Configuration card to admin dashboard - Implement input validation and security features - Add admin-only access control with audit trail - Add real-time configuration preview - Integrate with existing Caddy reverse proxy Features: - Enable/disable HTTPS from web interface - Configure domain, hostname, IP address, port - Automatic SSL certificate management via Let's Encrypt - Real-time Caddyfile generation and reload - Full audit trail with admin username and timestamps - Support for HTTPS and HTTP fallback access points - Beautiful, mobile-responsive UI Modified files: - app/models/__init__.py (added HTTPSConfig import) - app/blueprints/admin.py (added HTTPS routes) - app/templates/admin/admin.html (added HTTPS card) - docker-compose.yml (added Caddyfile mount and admin port) New files: - app/models/https_config.py - app/blueprints/https_config.html - app/utils/caddy_manager.py - https_manager.py - setup_https.sh - migrations/add_https_config_table.py - migrations/add_email_to_https_config.py - HTTPS_STATUS.txt - Documentation files (3 markdown guides)
2026-01-14 12:02:49 +02:00
parent ef17abfe6b
commit 48f1bfbcad
108 changed files with 2835 additions and 43 deletions
--- a/app/models/https_config.py
+++ b/app/models/https_config.py
@@ -0,0 +1,104 @@
+"""HTTPS Configuration model."""
+from datetime import datetime
+from typing import Optional
+
+from app.extensions import db
+
+
+class HTTPSConfig(db.Model):
+    """HTTPS configuration model for managing secure connections.
+    
+    Attributes:
+        id: Primary key
+        https_enabled: Whether HTTPS is enabled
+        hostname: Server hostname (e.g., 'digiserver')
+        domain: Full domain name (e.g., 'digiserver.sibiusb.harting.intra')
+        ip_address: IP address for direct access
+        email: Email address for SSL certificate notifications
+        port: HTTPS port (default 443)
+        created_at: Creation timestamp
+        updated_at: Last update timestamp
+        updated_by: User who made the last update
+    """
+    __tablename__ = 'https_config'
+    
+    id = db.Column(db.Integer, primary_key=True)
+    https_enabled = db.Column(db.Boolean, default=False, nullable=False)
+    hostname = db.Column(db.String(255), nullable=True)
+    domain = db.Column(db.String(255), nullable=True)
+    ip_address = db.Column(db.String(45), nullable=True)  # Support IPv6
+    email = db.Column(db.String(255), nullable=True)
+    port = db.Column(db.Integer, default=443, nullable=False)
+    created_at = db.Column(db.DateTime, default=datetime.utcnow, nullable=False)
+    updated_at = db.Column(db.DateTime, default=datetime.utcnow, 
+                          onupdate=datetime.utcnow, nullable=False)
+    updated_by = db.Column(db.String(255), nullable=True)
+    
+    def __repr__(self) -> str:
+        """String representation of HTTPSConfig."""
+        status = 'ENABLED' if self.https_enabled else 'DISABLED'
+        return f'<HTTPSConfig [{status}] {self.domain or "N/A"}>'
+    
+    @classmethod
+    def get_config(cls) -> Optional['HTTPSConfig']:
+        """Get the current HTTPS configuration.
+        
+        Returns:
+            HTTPSConfig instance or None if not configured
+        """
+        return cls.query.first()
+    
+    @classmethod
+    def create_or_update(cls, https_enabled: bool, hostname: str = None,
+                        domain: str = None, ip_address: str = None,
+                        email: str = None, port: int = 443, 
+                        updated_by: str = None) -> 'HTTPSConfig':
+        """Create or update HTTPS configuration.
+        
+        Args:
+            https_enabled: Whether HTTPS is enabled
+            hostname: Server hostname
+            domain: Full domain name
+            ip_address: IP address
+            email: Email for SSL certificates
+            port: HTTPS port
+            updated_by: Username of who made the update
+            
+        Returns:
+            HTTPSConfig instance
+        """
+        config = cls.get_config()
+        if not config:
+            config = cls()
+        
+        config.https_enabled = https_enabled
+        config.hostname = hostname
+        config.domain = domain
+        config.ip_address = ip_address
+        config.email = email
+        config.port = port
+        config.updated_by = updated_by
+        config.updated_at = datetime.utcnow()
+        
+        db.session.add(config)
+        db.session.commit()
+        return config
+    
+    def to_dict(self) -> dict:
+        """Convert configuration to dictionary.
+        
+        Returns:
+            Dictionary representation of config
+        """
+        return {
+            'id': self.id,
+            'https_enabled': self.https_enabled,
+            'hostname': self.hostname,
+            'domain': self.domain,
+            'ip_address': self.ip_address,
+            'email': self.email,
+            'port': self.port,
+            'created_at': self.created_at.isoformat() if self.created_at else None,
+            'updated_at': self.updated_at.isoformat() if self.updated_at else None,
+            'updated_by': self.updated_by,
+        }