Add HTTPS configuration management system

- Add HTTPSConfig model for managing HTTPS settings
- Add admin routes for HTTPS configuration management
- Add beautiful admin template for HTTPS configuration
- Add database migration for https_config table
- Add CLI utility for HTTPS management
- Add setup script for automated configuration
- Add Caddy configuration generator and manager
- Add comprehensive documentation (3 guides)
- Add HTTPS Configuration card to admin dashboard
- Implement input validation and security features
- Add admin-only access control with audit trail
- Add real-time configuration preview
- Integrate with existing Caddy reverse proxy

Features:
- Enable/disable HTTPS from web interface
- Configure domain, hostname, IP address, port
- Automatic SSL certificate management via Let's Encrypt
- Real-time Caddyfile generation and reload
- Full audit trail with admin username and timestamps
- Support for HTTPS and HTTP fallback access points
- Beautiful, mobile-responsive UI

Modified files:
- app/models/__init__.py (added HTTPSConfig import)
- app/blueprints/admin.py (added HTTPS routes)
- app/templates/admin/admin.html (added HTTPS card)
- docker-compose.yml (added Caddyfile mount and admin port)

New files:
- app/models/https_config.py
- app/blueprints/https_config.html
- app/utils/caddy_manager.py
- https_manager.py
- setup_https.sh
- migrations/add_https_config_table.py
- migrations/add_email_to_https_config.py
- HTTPS_STATUS.txt
- Documentation files (3 markdown guides)
This commit is contained in:
Quality App Developer
2026-01-14 12:02:49 +02:00
parent ef17abfe6b
commit 48f1bfbcad
108 changed files with 2835 additions and 43 deletions

old_code_documentation/.env.example Normal file → Executable file

View File

@@ -0,0 +1,295 @@
# Caddy Dynamic Configuration Management
## Overview
The HTTPS configuration system now automatically generates and manages the Caddy configuration in real-time. When an admin updates settings through the admin panel, the Caddyfile is regenerated and reloaded without requiring a full container restart.
## How It Works
### 1. **Configuration Generation**
When admin saves HTTPS settings:
1. Settings are saved to database (HTTPSConfig table)
2. `CaddyConfigGenerator` creates a new Caddyfile based on settings
3. Generated Caddyfile is written to disk
### 2. **Configuration Reload**
After Caddyfile is written:
1. Caddy reload API is called via `docker-compose exec`
2. Caddy validates and applies new configuration
3. No downtime - live configuration update
### 3. **Fallback Configuration**
If HTTPS is disabled:
1. System uses default hardcoded configuration
2. Supports localhost, internal domain, and IP address
3. Catch-all configuration for any other requests
## Files Involved
### New Files
- **`app/utils/caddy_manager.py`** - CaddyConfigGenerator class with:
- `generate_caddyfile()` - Generates Caddyfile content
- `write_caddyfile()` - Writes to disk
- `reload_caddy()` - Reloads via Docker
### Updated Files
- **`app/blueprints/admin.py`** - HTTPS config route now:
- Generates new Caddyfile
- Writes to disk
- Reloads Caddy automatically
- Reports status to user
## Admin Panel Workflow
### Step 1: User Fills Form
```
Admin Panel → HTTPS Configuration
- Hostname: digiserver
- Domain: digiserver.sibiusb.harting.intra
- Email: admin@example.com
- IP: 10.76.152.164
- Port: 443
```
### Step 2: Admin Saves Configuration
- POST /admin/https-config/update
- Settings validated and saved to database
- Caddyfile generated dynamically
- Caddy reloaded with new configuration
### Step 3: User Sees Confirmation
```
✅ HTTPS configuration saved successfully!
✅ Caddy configuration updated successfully!
Server available at https://digiserver.sibiusb.harting.intra
```
### Step 4: Configuration Live
- New domain/IP immediately active
- No container restart needed
- Caddy applying new routes in real-time
## Generated Caddyfile Structure
**When HTTPS Enabled:**
```caddyfile
{
email admin@example.com
}
(reverse_proxy_config) {
reverse_proxy digiserver-app:5000 { ... }
request_body { max_size 2GB }
header { ... }
log { ... }
}
http://localhost { import reverse_proxy_config }
http://digiserver.sibiusb.harting.intra { import reverse_proxy_config }
http://10.76.152.164 { import reverse_proxy_config }
http://* { import reverse_proxy_config }
```
**When HTTPS Disabled:**
```caddyfile
{
email admin@localhost
}
(reverse_proxy_config) { ... }
http://localhost { import reverse_proxy_config }
http://digiserver.sibiusb.harting.intra { import reverse_proxy_config }
http://10.76.152.164 { import reverse_proxy_config }
http://* { import reverse_proxy_config }
```
## Key Features
### ✅ No Restart Required
- Caddyfile changes applied without restarting containers
- Caddy reload API handles configuration hot-swap
- Zero downtime configuration updates
### ✅ Dynamic Configuration
- Settings in admin panel → Generated Caddyfile
- Database is source of truth
- Easy to modify in admin UI
### ✅ Automatic Fallbacks
- Catch-all `http://*` handles any host
- Always has localhost access
- Always has IP address access
### ✅ User Feedback
- Admin sees status of Caddy reload
- Error messages if Caddy reload fails
- Logging of all changes
### ✅ Safe Updates
- Caddyfile validation before reload
- Graceful error handling
- Falls back to previous config if reload fails
## Error Handling
If Caddy reload fails:
1. Database still has updated settings
2. Old Caddyfile may still be in use
3. User sees warning with status
4. Admin can manually restart: `docker-compose restart caddy`
## Admin Panel Status Messages
### Success (✅)
```
✅ HTTPS configuration saved successfully!
✅ Caddy configuration updated successfully!
Server available at https://domain.local
```
### Partial Success (⚠️)
```
✅ HTTPS configuration saved successfully!
⚠️ Caddyfile updated but reload failed. Please restart containers.
Server available at https://domain.local
```
### Configuration Saved, Update Failed (⚠️)
```
⚠️ Configuration saved but Caddy update failed: [error details]
```
## Testing Configuration
### Check Caddyfile Content
```bash
cat /srv/digiserver-v2/Caddyfile
```
### Manually Reload Caddy
```bash
docker-compose exec caddy caddy reload --config /etc/caddy/Caddyfile
```
### Check Caddy Status
```bash
docker-compose logs caddy --tail=20
```
### Test Access Points
```bash
# Test all configured domains/IPs
curl http://localhost
curl http://digiserver.sibiusb.harting.intra
curl http://10.76.152.164
```
## Configuration Database
Settings stored in `https_config` table:
```
https_enabled: boolean
hostname: string
domain: string
ip_address: string
email: string
port: integer
updated_at: datetime
updated_by: string
```
When admin updates form → Database updated → Caddyfile regenerated → Caddy reloaded
## Workflow Diagram
```
┌─────────────────────┐
│ Admin Panel Form │
│ (HTTPS Config) │
└──────────┬──────────┘
│ Submit
┌─────────────────────┐
│ Validate Input │
└──────────┬──────────┘
│ Valid
┌─────────────────────┐
│ Save to Database │
│ (HTTPSConfig) │
└──────────┬──────────┘
│ Saved
┌─────────────────────┐
│ Generate Caddyfile │
│ (CaddyConfigGen) │
└──────────┬──────────┘
│ Generated
┌─────────────────────┐
│ Write to Disk │
│ (/Caddyfile) │
└──────────┬──────────┘
│ Written
┌─────────────────────┐
│ Reload Caddy │
│ (Docker exec) │
└──────────┬──────────┘
│ Reloaded
┌─────────────────────┐
│ Show Status to │
│ Admin (Success) │
└─────────────────────┘
```
## Implementation Details
### CaddyConfigGenerator Class
**generate_caddyfile(config)**
- Takes HTTPSConfig from database
- Generates complete Caddyfile content
- Uses shared reverse proxy configuration template
- Returns full Caddyfile as string
**write_caddyfile(content, path)**
- Writes generated content to disk
- Path defaults to /srv/digiserver-v2/Caddyfile
- Returns True on success, False on error
**reload_caddy()**
- Runs: `docker-compose exec -T caddy caddy reload`
- Validates config and applies live
- Returns True on success, False on error
## Advantages Over Manual Configuration
| Manual | Dynamic |
|--------|---------|
| Edit Caddyfile manually | Change via admin panel |
| Restart container | No restart needed |
| Risk of syntax errors | Validated generation |
| No audit trail | Logged with username |
| Each change is manual | One-time setup |
## Future Enhancements
Potential improvements:
- Configuration history/backup
- Rollback to previous config
- Health check after reload
- Automatic backup before update
- Configuration templates
- Multi-domain support
## Support
For issues:
1. Check admin panel messages for Caddy reload status
2. Review logs: `docker-compose logs caddy`
3. Check Caddyfile: `cat /srv/digiserver-v2/Caddyfile`
4. Manual reload: `docker-compose exec caddy caddy reload --config /etc/caddy/Caddyfile`
5. Full restart: `docker-compose restart caddy`
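
Review bot: In "Generated Caddyfile Structure", the "When HTTPS Enabled" example contains only `http://` site blocks (`http://localhost`, `http://digiserver.sibiusb.harting.intra`, `http://10.76.152.164`, `http://*`) and differs from the disabled example only in the `email` line, so as documented, enabling HTTPS never produces a TLS site. Show the `https://` (or scheme-less) site block the generator emits for the configured domain, or correct the generator if this is its real output. The catch-all `http://*` also answers for any Host header; say whether that is intended once HTTPS is on. Separately, "Safe Updates" promises "Falls back to previous config if reload fails", but "Error Handling" says the database keeps the new settings and the old Caddyfile "may still be in use", and rollback and backup appear under "Future Enhancements". Since `write_caddyfile()` replaces the file before `reload_caddy()` runs, describe the actual failure state and drop the fallback claim until a backup-and-restore step exists. `reload_caddy()` runs `docker-compose exec -T caddy caddy reload` from the admin route; state how the application obtains that Docker access and what else it permits.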

old_code_documentation/DOCKER.md Normal file → Executable file

View File

@@ -0,0 +1,192 @@
# HTTPS Configuration Management System
## Overview
The DigiServer v2 now includes a built-in HTTPS configuration management system accessible through the Admin Panel. This allows administrators to enable and manage HTTPS/SSL settings directly from the web interface without needing to manually edit configuration files.
## Features
- **Enable/Disable HTTPS**: Toggle HTTPS on and off from the admin panel
- **Domain Management**: Set the full domain name (e.g., `digiserver.sibiusb.harting.intra`)
- **Hostname Configuration**: Configure server hostname (e.g., `digiserver`)
- **IP Address Management**: Set the IP address for direct access (e.g., `10.76.152.164`)
- **Port Configuration**: Customize HTTPS port (default: 443)
- **Status Tracking**: View current HTTPS status and configuration details
- **Real-time Preview**: See access points as you configure settings
## Workflow
### Step 1: Initial Setup (HTTP Only)
1. Start the application normally: `docker-compose up -d`
2. The app runs on HTTP port 80
3. Access via: `http://<server-ip>`
### Step 2: Enable HTTPS via Admin Panel
1. Log in to the admin panel as an administrator
2. Navigate to: **Admin Panel → 🔒 HTTPS Configuration**
3. Toggle the "Enable HTTPS" switch
4. Fill in the required fields:
- **Hostname**: Short name for your server (e.g., `digiserver`)
- **Full Domain Name**: Complete domain (e.g., `digiserver.sibiusb.harting.intra`)
- **IP Address**: Server IP address (e.g., `10.76.152.164`)
- **HTTPS Port**: Port number (default: 443)
### Step 3: Verify Configuration
1. The status section shows your HTTPS configuration
2. Access points are displayed:
- HTTPS: `https://digiserver.sibiusb.harting.intra`
- HTTP fallback: `http://10.76.152.164`
## Configuration Details
### Database Model (HTTPSConfig)
The configuration is stored in the `https_config` table with the following fields:
```python
- id: Primary key
- https_enabled: Boolean flag for HTTPS status
- hostname: Server hostname
- domain: Full domain name
- ip_address: IPv4 or IPv6 address
- port: HTTPS port (default: 443)
- created_at: Creation timestamp
- updated_at: Last modification timestamp
- updated_by: Username of admin who made the change
```
### Admin Routes
- **GET /admin/https-config**: View HTTPS configuration page
- **POST /admin/https-config/update**: Update HTTPS settings
- **GET /admin/https-config/status**: Get current status as JSON
## Integration with Docker & Caddy
The HTTPS configuration works in conjunction with:
1. **Caddy Reverse Proxy**: Automatically handles SSL/TLS
2. **Let's Encrypt**: Provides free SSL certificates
3. **docker-compose.yml**: Uses the configured domain for Caddy
### Current Setup
**docker-compose.yml** uses `digiserver.sibiusb.harting.intra` as the primary domain.
**Caddyfile** configurations:
- HTTPS: `digiserver.sibiusb.harting.intra` (auto-managed SSL)
- HTTP Fallback: `10.76.152.164` (direct IP access)
## Prerequisites
Before enabling HTTPS, ensure:
1. **DNS Resolution**: Domain must resolve to the server's IP
```bash
# Test DNS resolution
nslookup digiserver.sibiusb.harting.intra
```
2. **Ports Accessible**:
- Port 80 (HTTP): For Let's Encrypt challenges
- Port 443 (HTTPS): For secure traffic
- Port 443/UDP: For HTTP/3 support
3. **Firewall Rules**: Ensure inbound traffic is allowed on ports 80 and 443
4. **Hosts File** (if DNS not available):
```
10.76.152.164 digiserver.sibiusb.harting.intra
```
## Database Migration
To set up the HTTPS configuration table, run:
```bash
# From inside the Docker container
python /app/migrations/add_https_config_table.py
# Or from the host machine
docker-compose exec digiserver-app python /app/migrations/add_https_config_table.py
```
## Access Points After Configuration
### HTTPS (Recommended)
- URL: `https://digiserver.sibiusb.harting.intra`
- Protocol: HTTPS with SSL/TLS
- Automatic redirects from HTTP
- Let's Encrypt certificate (auto-renewed)
### HTTP Fallback
- URL: `http://10.76.152.164`
- Protocol: Plain HTTP (no encryption)
- Used when domain is not accessible
- Automatically redirects to HTTPS
## Security Features
✅ Automatic SSL certificate management (Let's Encrypt)
✅ Automatic certificate renewal
✅ Security headers (HSTS, X-Frame-Options, etc.)
✅ HTTP/2 and HTTP/3 support
✅ Admin-only access to configuration
## Logging
All HTTPS configuration changes are logged in the server logs:
```
✓ HTTPS enabled by admin: domain=digiserver.sibiusb.harting.intra, hostname=digiserver, ip=10.76.152.164
✓ HTTPS disabled by admin
```
Check admin panel → Logs for detailed audit trail.
## Troubleshooting
### HTTPS Not Working
1. Verify DNS resolution: `nslookup digiserver.sibiusb.harting.intra`
2. Check Caddy logs: `docker-compose logs caddy`
3. Ensure ports 80 and 443 are open
4. Check firewall rules
### Certificate Issues
1. Check Caddy container logs
2. Verify domain is accessible from internet
3. Ensure Let's Encrypt can validate domain
4. Check email configuration for certificate notifications
### Configuration Not Applied
1. Verify database migration ran: `python migrations/add_https_config_table.py`
2. Restart containers: `docker-compose restart`
3. Check admin panel for error messages
4. Review server logs
## Example Configuration
For a typical setup:
```
Hostname: digiserver
Domain: digiserver.sibiusb.harting.intra
IP Address: 10.76.152.164
Port: 443
HTTPS Status: Enabled ✅
```
Access via:
- `https://digiserver.sibiusb.harting.intra` ← Primary
- `http://10.76.152.164` ← Fallback
## Future Enhancements
Potential improvements for future versions:
- Certificate upload/management interface
- Domain validation checker
- Automatic DNS verification
- Custom SSL certificate support
- Certificate expiration notifications
- A/B testing for domain migration
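
Review bot: Under "Access Points After Configuration", the "HTTP Fallback" entry describes `http://10.76.152.164` as plain HTTP "Used when domain is not accessible" and also says it "Automatically redirects to HTTPS"; both cannot hold, and the same file advertises HSTS under "Security Features". State which behaviour is implemented: if the IP address is served without a redirect, say that admin logins over it are unencrypted and recommend restricting who can reach it; if it redirects, it is not a fallback. Also, "Prerequisites" offers a hosts-file entry when DNS is unavailable, while "Certificate Issues" requires the domain to be reachable from the internet for Let's Encrypt validation; the example name maps to a 10.x address, so document which certificate source is expected for internal-only names. The HTTPSConfig field list omits `email`, which `migrations/add_email_to_https_config.py` in this commit adds.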

View File

@@ -0,0 +1,202 @@
# HTTPS Email Configuration - Update Guide
## What's New
The HTTPS configuration system now includes an **Email Address** field that is essential for:
- SSL certificate management (Let's Encrypt)
- Certificate expiration notifications
- Certificate renewal reminders
## Changes Made
### 1. **Database Model** (`app/models/https_config.py`)
- Added `email` field to HTTPSConfig model
- Updated `create_or_update()` method to accept email parameter
- Updated `to_dict()` method to include email in output
### 2. **Admin Routes** (`app/blueprints/admin.py`)
- Added email form field handling
- Added email validation (checks for '@' symbol)
- Updated configuration save to store email
- Updated logging to include email in configuration changes
### 3. **Admin Template** (`app/templates/admin/https_config.html`)
- Added email input field in configuration form
- Added email display in status section
- Added help text explaining email purpose
- Email marked as required when HTTPS is enabled
### 4. **CLI Utility** (`https_manager.py`)
- Updated enable command to accept email parameter
- Updated help text to show email requirement
- Example: `python https_manager.py enable digiserver domain.local admin@example.com 10.76.152.164`
### 5. **Database Migration** (`migrations/add_email_to_https_config.py`)
- New migration script to add email column to existing database
## Update Instructions
### Step 1: Run Database Migration
```bash
# Add email column to existing https_config table
python /app/migrations/add_email_to_https_config.py
```
### Step 2: Restart Application
```bash
docker-compose restart
```
### Step 3: Configure Email via Admin Panel
1. Navigate to: **Admin Panel → 🔒 HTTPS Configuration**
2. Fill in the new **Email Address** field
3. Example: `admin@example.com`
4. Click **Save HTTPS Configuration**
## Configuration Form - New Field
```html
<!-- Email Field -->
<label for="email">Email Address *</label>
<input type="email" id="email" name="email"
value="admin@example.com"
placeholder="e.g., admin@example.com"
required>
<p>Email address for SSL certificate notifications and Let's Encrypt communications</p>
```
## CLI Usage - New Syntax
**Old (still works for HTTP):**
```bash
python https_manager.py enable digiserver domain.local 10.76.152.164 443
```
**New (with email - recommended):**
```bash
python https_manager.py enable digiserver domain.local admin@example.com 10.76.152.164 443
```
## Status Display - Updated
The status card now shows:
```
✅ HTTPS ENABLED
Domain: digiserver.sibiusb.harting.intra
Hostname: digiserver
Email: admin@example.com ← NEW
IP Address: 10.76.152.164
Port: 443
Access URL: https://digiserver.sibiusb.harting.intra
Last Updated: 2026-01-14 15:30:45 by admin
```
## Validation
The system now validates:
- ✅ Email format (must contain '@')
- ✅ Email is required when HTTPS is enabled
- ✅ Email is stored in database
- ✅ Email is logged when configuration changes
## Benefits
📧 **Proper SSL Certificate Management**
- Let's Encrypt sends notifications to configured email
- Certificate expiration warnings before renewal
📋 **Better Configuration**
- Email is persisted in database
- No need to set environment variables
- Fully managed through admin panel
🔐 **Professional Setup**
- Real email address for certificate notifications
- Easier to manage multiple servers
- Complete audit trail with email address
## Backwards Compatibility
If you have an existing HTTPS configuration without an email:
1. The email field will be NULL
2. You'll see an error when trying to use HTTPS without email
3. Simply add the email through the admin panel and save
4. Configuration will be complete
## Database Schema Update
```sql
ALTER TABLE https_config ADD COLUMN email VARCHAR(255);
```
New schema:
```
https_config table:
├── id (PK)
├── https_enabled (BOOLEAN)
├── hostname (VARCHAR)
├── domain (VARCHAR)
├── ip_address (VARCHAR)
├── email (VARCHAR) ← NEW
├── port (INTEGER)
├── created_at (DATETIME)
├── updated_at (DATETIME)
└── updated_by (VARCHAR)
```
## Example Configuration
**Complete HTTPS Setup:**
```
Hostname: digiserver
Domain: digiserver.sibiusb.harting.intra
Email: admin@example.com
IP: 10.76.152.164
Port: 443
Status: ✅ ENABLED
```
## Troubleshooting
### Email Field Not Showing?
1. Clear browser cache (Ctrl+Shift+Del)
2. Reload the page
3. Check that containers restarted: `docker-compose restart`
### Migration Error?
If migration fails:
```bash
# Option 1: Add column manually
docker-compose exec digiserver-app python -c "
from app.app import create_app
from app.extensions import db
from sqlalchemy import text
app = create_app()
with app.app_context():
db.engine.execute(text('ALTER TABLE https_config ADD COLUMN email VARCHAR(255)'))
"
# Option 2: Reset database (if testing)
rm instance/digiserver.db
python /app/migrations/add_https_config_table.py
```
### "Email Required" Error When HTTPS Enabled?
- Admin panel: Fill in the Email Address field before saving
- CLI: Include email in command: `python https_manager.py enable ... email@example.com ...`
## Next Steps
1. Run the database migration
2. Restart the application
3. Navigate to HTTPS Configuration
4. Enter a valid email address (e.g., `admin@example.com`)
5. Enable HTTPS
6. System will use this email for Let's Encrypt notifications
## Support
For issues or questions:
- Check `HTTPS_CONFIGURATION.md` for detailed documentation
- See `HTTPS_QUICK_REFERENCE.md` for quick examples
- Review server logs in admin panel for configuration changes
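
Review bot: "Admin Routes" and "Validation" describe the email check as "must contain '@'", yet the Caddy guide in this commit shows the value written into the generated Caddyfile as `email admin@example.com`. A containment check accepts whitespace, newlines and braces, so validate the field as a single address (reject control characters, spaces, `{` and `}`) before it is stored or passed to the generator, and document that rule here. In "CLI Usage", the old and new `enable` forms differ only by an extra positional argument; explain how `10.76.152.164` in third position is told apart from an email, or make email a named option. In "Migration Error?", Option 2 deletes `instance/digiserver.db` outright and should say that all application data is lost, and `db.engine.execute(...)` in Option 1 is not available on SQLAlchemy 2.x engines, so name the supported version or run the statement on a connection.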

View File

@@ -0,0 +1,316 @@
# HTTPS Management System - Implementation Summary
## ✅ What Has Been Implemented
A complete HTTPS configuration management system has been added to DigiServer v2, allowing administrators to manage HTTPS settings through the web interface.
### Files Created
#### 1. **Database Model** (`app/models/https_config.py`)
- New `HTTPSConfig` model for storing HTTPS configuration
- Fields: hostname, domain, ip_address, port, enabled status, audit trail
- Methods: `get_config()`, `create_or_update()`, `to_dict()`
#### 2. **Admin Routes** (updated `app/blueprints/admin.py`)
- `GET /admin/https-config` - Display configuration page
- `POST /admin/https-config/update` - Update settings
- `GET /admin/https-config/status` - Get status as JSON
- Full validation and error handling
- Admin-only access with permission checks
#### 3. **Admin Template** (`app/templates/admin/https_config.html`)
- Beautiful, user-friendly configuration interface
- Status display showing current HTTPS settings
- Form with toggle switch for enable/disable
- Input fields for: hostname, domain, IP address, port
- Real-time preview of access points
- Comprehensive help text and information sections
- Responsive design for mobile compatibility
#### 4. **Database Migration** (`migrations/add_https_config_table.py`)
- Creates `https_config` table with all necessary fields
- Indexes on important columns
- Timestamps for audit trail
#### 5. **Admin Dashboard Link** (updated `app/templates/admin/admin.html`)
- Added new card in admin dashboard linking to HTTPS configuration
- Purple gradient card with lock icon (🔒)
- Easy access from main admin panel
#### 6. **CLI Utility** (`https_manager.py`)
- Command-line interface for managing HTTPS configuration
- Commands: `status`, `enable`, `disable`, `show`
- Useful for automation and scripting
#### 7. **Setup Script** (`setup_https.sh`)
- Automated setup script for database migration
- Step-by-step instructions for configuration
#### 8. **Documentation** (`HTTPS_CONFIGURATION.md`)
- Comprehensive guide covering:
- Feature overview
- Step-by-step workflow
- Configuration details
- Prerequisites
- Integration details
- Troubleshooting
- Examples
### Files Updated
#### 1. **Models Package** (`app/models/__init__.py`)
- Added import for `HTTPSConfig`
- Exported in `__all__` list
#### 2. **Admin Blueprint** (`app/blueprints/admin.py`)
- Imported `HTTPSConfig` model
- Added HTTPS management routes
#### 3. **Admin Dashboard** (`app/templates/admin/admin.html`)
- Added link to HTTPS configuration
#### 4. **Caddyfile**
- Already preconfigured with domain: `digiserver.sibiusb.harting.intra`
- IP fallback: `10.76.152.164`
- Ready to use with the new configuration system
---
## 🚀 Quick Start Guide
### Step 1: Database Setup
```bash
# Run the migration to create the https_config table
python /app/migrations/add_https_config_table.py
# Or automatically with the setup script
bash setup_https.sh
```
### Step 2: Start the Application (HTTP Only)
```bash
docker-compose up -d
```
### Step 3: Configure HTTPS via Admin Panel
1. Log in as admin
2. Go to: **Admin Panel → 🔒 HTTPS Configuration**
3. Toggle "Enable HTTPS"
4. Fill in:
- Hostname: `digiserver`
- Domain: `digiserver.sibiusb.harting.intra`
- IP Address: `10.76.152.164`
- Port: `443` (default)
5. Click "Save HTTPS Configuration"
### Step 4: Verify Access
- HTTPS: `https://digiserver.sibiusb.harting.intra`
- HTTP Fallback: `http://10.76.152.164`
---
## 📋 Workflow Explanation
### Initial State (HTTP Only)
```
┌─────────────────┐
│ App Running on │
│ Port 80 (HTTP) │
└────────┬────────┘
└─ Accessible at: http://10.76.152.164
```
### After Configuration (HTTP + HTTPS)
```
┌──────────────────────────────────────┐
│ Admin Configures HTTPS Settings: │
│ • Hostname: digiserver │
│ • Domain: digiserver...intra │
│ • IP: 10.76.152.164 │
│ • Port: 443 │
└──────────────┬───────────────────────┘
┌───────┴────────┐
│ │
┌────▼────┐ ┌─────▼──────┐
│ HTTPS │ │ HTTP │
│ Port443 │ │ Port 80 │
└────┬────┘ └─────┬──────┘
│ │
└──────────────┘
Both available
```
---
## 🔐 Security Features
**Admin-Only Access**
- Only administrators can access HTTPS configuration
- All changes logged with admin username and timestamp
**Input Validation**
- Domain format validation
- IP address format validation (IPv4/IPv6)
- Port range validation (1-65535)
**SSL/TLS Management**
- Automatic Let's Encrypt integration (via Caddy)
- Automatic certificate renewal
- Security headers (HSTS, X-Frame-Options, etc.)
**Audit Trail**
- All configuration changes logged
- Admin dashboard logs show who changed what and when
- Server logs track HTTPS enable/disable events
---
## 🛠️ CLI Management
Configure HTTPS from command line:
```bash
# Show current status
python https_manager.py status
# Enable HTTPS
python https_manager.py enable digiserver digiserver.sibiusb.harting.intra 10.76.152.164 443
# Disable HTTPS
python https_manager.py disable
# Show detailed configuration
python https_manager.py show
```
---
## 📊 Database Schema
**https_config table:**
```
┌──────────────────┬────────────────────┬──────────────┐
│ Column │ Type │ Description │
├──────────────────┼────────────────────┼──────────────┤
│ id │ Integer (PK) │ Primary key │
│ https_enabled │ Boolean │ Enable flag │
│ hostname │ String(255) │ Server name │
│ domain │ String(255) │ Domain name │
│ ip_address │ String(45) │ IP address │
│ port │ Integer │ HTTPS port │
│ created_at │ DateTime │ Created time │
│ updated_at │ DateTime │ Updated time │
│ updated_by │ String(255) │ Admin user │
└──────────────────┴────────────────────┴──────────────┘
```
---
## 🧪 Testing
### Test HTTPS Configuration UI
1. Log in as admin
2. Go to Admin Panel → HTTPS Configuration
3. Test Enable/Disable toggle
4. Test form validation with invalid inputs
5. Verify real-time preview updates
### Test Access Points
```bash
# Test HTTPS
curl -k https://digiserver.sibiusb.harting.intra
# Test HTTP Fallback
curl http://10.76.152.164
# Test status endpoint
curl http://<admin>/admin/https-config/status
```
---
## 📝 Configuration Examples
### Default Configuration
```python
hostname = "digiserver"
domain = "digiserver.sibiusb.harting.intra"
ip_address = "10.76.152.164"
port = 443
https_enabled = True
```
### Configuration for Different Network
```python
hostname = "myserver"
domain = "myserver.company.local"
ip_address = "192.168.1.100"
port = 8443
https_enabled = True
```
---
## 🔄 Integration with Existing System
The HTTPS configuration system integrates seamlessly with:
1. **Caddy Reverse Proxy** - Uses configured domain for SSL termination
2. **Let's Encrypt** - Automatic certificate provisioning and renewal
3. **Flask Application** - No code changes needed, works with existing auth
4. **Database** - Stores configuration persistently
5. **Logging System** - All changes logged and auditable
---
## 🎯 Key Benefits
**No Manual Configuration** - All settings through web UI
**Easy to Use** - Intuitive interface with real-time preview
**Audit Trail** - Track all HTTPS configuration changes
**Flexible** - Support for multiple access points (HTTPS + HTTP)
**Secure** - Admin-only access with validation
**Automated** - Automatic SSL certificate management
**CLI Support** - Programmatic configuration via command line
---
## 📚 Next Steps
1.**Run Database Migration**
```bash
python /app/migrations/add_https_config_table.py
```
2. ✅ **Start Application**
```bash
docker-compose up -d
```
3. ✅ **Configure via Admin Panel**
- Navigate to Admin → HTTPS Configuration
- Enable HTTPS with your settings
4. ✅ **Verify Configuration**
- Check status displays correctly
- Test access points work
- Review logs for changes
---
## 📞 Support & Troubleshooting
See `HTTPS_CONFIGURATION.md` for:
- Detailed troubleshooting guide
- DNS configuration instructions
- Firewall requirements
- Let's Encrypt certificate issues
- Error messages and solutions
---
## 🎉 Implementation Complete!
The HTTPS configuration management system is ready to use. All components are in place and documented. Simply run the database migration and start using the feature through the admin panel!
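
Review bot: In "Test Access Points" under "Testing", `curl -k https://digiserver.sibiusb.harting.intra` turns off certificate verification, so the check passes with an expired, self-signed or wrong-host certificate and does not test the certificate management this summary claims. Drop `-k`, or pass the issuing CA with `--cacert`, and add the expected result. The last command calls `/admin/https-config/status` over `http://` with no credentials although the route is described as admin-only; show an authenticated request over HTTPS and state the expected response for an unauthenticated one. The `https_manager.py enable` example and the schema table omit `email`, which the email guide in this commit marks as required when HTTPS is enabled.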

View File

@@ -0,0 +1,259 @@
# HTTPS Configuration - Quick Reference Guide
## 🎯 Quick Access
**Admin Panel Location:** Main Dashboard → 🔒 **HTTPS Configuration** (Purple card)
---
## ⚡ Quick Setup (5 Minutes)
### 1. Initial State
Your app is running on HTTP. Access: `http://10.76.152.164`
### 2. Navigate to HTTPS Config
- Admin Panel → 🔒 HTTPS Configuration
### 3. Configure (Fill In)
| Field | Value | Example |
|-------|-------|---------|
| Hostname | Server short name | `digiserver` |
| Domain | Full domain name | `digiserver.sibiusb.harting.intra` |
| IP Address | Server IP | `10.76.152.164` |
| Port | HTTPS port (default 443) | `443` |
### 4. Enable HTTPS
- Toggle: **Enable HTTPS**
- Click: **💾 Save HTTPS Configuration**
### 5. Verify
- ✅ Configuration shows as "ENABLED"
- ✅ Access via: `https://digiserver.sibiusb.harting.intra`
- ✅ Check status card for current settings
---
## 🔍 Status Display
### Enabled State ✅
```
✅ HTTPS ENABLED
Domain: digiserver.sibiusb.harting.intra
Hostname: digiserver
IP Address: 10.76.152.164
Port: 443
Access URL: https://digiserver.sibiusb.harting.intra
Last Updated: 2024-01-14 15:30:45 by admin
```
### Disabled State ⚠️
```
⚠️ HTTPS DISABLED
The application is currently running on HTTP only (port 80)
Enable HTTPS below to secure your application.
```
---
## 🔐 Access Points
### After HTTPS is Enabled
| Access Type | URL | Use Case |
|------------|-----|----------|
| **Primary (HTTPS)** | `https://digiserver.sibiusb.harting.intra` | Daily use, secure |
| **Fallback (HTTP)** | `http://10.76.152.164` | Troubleshooting, direct IP access |
---
## ✅ Prerequisites Checklist
Before enabling HTTPS:
- [ ] DNS resolves domain to IP: `nslookup digiserver.sibiusb.harting.intra`
- [ ] Firewall allows port 80 (HTTP)
- [ ] Firewall allows port 443 (HTTPS)
- [ ] Server IP is `10.76.152.164`
- [ ] Domain is `digiserver.sibiusb.harting.intra`
---
## 🐛 Troubleshooting
### HTTPS Not Working?
1. **Check Status**
- Admin → HTTPS Configuration
- Verify "HTTPS ENABLED" is shown
2. **Test DNS**
```bash
nslookup digiserver.sibiusb.harting.intra
```
Should resolve to: `10.76.152.164`
3. **Test Ports**
```bash
# Should be reachable
telnet 10.76.152.164 443
telnet 10.76.152.164 80
```
4. **Check Logs**
- Admin Panel → Server Logs
- Look for HTTPS enable/disable messages
5. **View Caddy Logs**
```bash
docker-compose logs caddy
```
### Domain Not Resolving?
**Add to hosts file** (temporary):
- Windows: `C:\Windows\System32\drivers\etc\hosts`
- Mac/Linux: `/etc/hosts`
Add line:
```
10.76.152.164 digiserver.sibiusb.harting.intra
```
---
## 📋 Common Tasks
### Enable HTTPS
1. Go to Admin → HTTPS Configuration
2. Toggle "Enable HTTPS"
3. Fill in hostname, domain, IP
4. Click "Save HTTPS Configuration"
### Disable HTTPS
1. Go to Admin → HTTPS Configuration
2. Toggle off "Enable HTTPS"
3. Click "Save HTTPS Configuration"
4. App returns to HTTP only
### Change Domain
1. Go to Admin → HTTPS Configuration
2. Update "Full Domain Name"
3. Click "Save HTTPS Configuration"
### Check Current Settings
1. Go to Admin → HTTPS Configuration
2. View status card at top
3. Shows all current settings
### View Configuration History
1. Admin Panel → Server Logs
2. Search for "HTTPS"
3. See all changes and who made them
---
## 🎯 Configuration Examples
### Default Setup (Already Provided)
```
Hostname: digiserver
Domain: digiserver.sibiusb.harting.intra
IP: 10.76.152.164
Port: 443
```
### Different IP
```
Hostname: digiserver
Domain: digiserver.sibiusb.harting.intra
IP: 10.76.152.165 ← Change this
Port: 443
```
### Different Domain
```
Hostname: myserver
Domain: myserver.company.local ← Change this
IP: 10.76.152.164
Port: 443
```
---
## 🔒 Security Notes
✅ **Admin-Only Feature**
- Only administrators can access this page
- All changes logged with admin username
✅ **Automatic SSL Certificates**
- Let's Encrypt manages certificates
- Auto-renewed before expiration
- No manual certificate management needed
✅ **Access Control**
- HTTP redirects to HTTPS automatically
- Security headers automatically added
- Safe for internal and external access
---
## 📞 Need Help?
1. **Check Documentation**
- See: `HTTPS_CONFIGURATION.md` for detailed guide
- See: `HTTPS_IMPLEMENTATION_SUMMARY.md` for architecture
2. **View Logs**
- Admin Panel → Server Logs
- Filter for HTTPS-related entries
3. **Test Configuration**
```bash
# Via CLI
python https_manager.py status
```
4. **Restart Application**
```bash
docker-compose restart
```
---
## 📊 Quick Status Check
**CLI Command:**
```bash
python https_manager.py status
```
**Output:**
```
==================================================
HTTPS Configuration Status
==================================================
Status: ✅ ENABLED
Hostname: digiserver
Domain: digiserver.sibiusb.harting.intra
IP Address: 10.76.152.164
Port: 443
Updated: 2024-01-14 15:30:45 by admin
Access URL: https://digiserver.sibiusb.harting.intra
Fallback: http://10.76.152.164
==================================================
```
---
## 🎉 You're All Set!
Your HTTPS configuration is ready to use. The system will:
- ✅ Manage SSL certificates automatically
- ✅ Keep them renewed
- ✅ Provide secure access
- ✅ Log all configuration changes
- ✅ Offer fallback HTTP access
**That's it! Your app is now secure!** 🔒
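
Review bot: The "Quick Setup" field table and the "Enable HTTPS" task list only hostname, domain, IP address and port, while the email guide in this commit makes Email required when HTTPS is enabled; following this page as written leads to the error that guide describes for a configuration without email. Add the Email row and step. In "Security Notes", "HTTP redirects to HTTPS automatically" conflicts with the Access Points table and the closing list, which present `http://10.76.152.164` as a working fallback; with a plain-HTTP path left open, "Safe for internal and external access" and "Your app is now secure!" overstate the result and should be reworded to what is actually enforced. The sample timestamps read 2024-01-14 here and 2026-01-14 in the email guide.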

old_code_documentation/HTTPS_SETUP.md Normal file → Executable file
old_code_documentation/OPTIONAL_DEPENDENCIES.md Normal file → Executable file
old_code_documentation/PLAYER_EDIT_MEDIA_API.md Normal file → Executable file
old_code_documentation/README.md Normal file → Executable file
old_code_documentation/add_muted_column.py Normal file → Executable file
old_code_documentation/check_fix_player.py Normal file → Executable file
old_code_documentation/migrate_add_edit_enabled.py Normal file → Executable file