Add HTTPS support with Caddy and clean up legacy files

- Add Caddy reverse proxy for automatic HTTPS with Let's Encrypt
- Update docker-compose.yml with Caddy service and internal networking
- Remove all Redis dependencies (not needed for this deployment)
- Fix Dockerfile permissions for instance and uploads directories
- Move legacy scripts to old_code_documentation folder
  - add_muted_column.py, check_fix_player.py, migrate_add_edit_enabled.py
  - docker-start.sh, run_dev.sh, start.sh, clean_for_deployment.sh
- Add HTTPS_SETUP.md documentation for Caddy configuration
- Update .env.example with DOMAIN and EMAIL variables
- Remove redis package from requirements.txt
- Remove rate limiting Redis storage from config.py

Caddyfile

@@ -0,0 +1,43 @@
+{
+    # Global options
+    email {$EMAIL}
+    # Uncomment for testing to avoid rate limits
+    # acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
+}
+
+{$DOMAIN:localhost} {
+    # Automatic HTTPS (Caddy handles Let's Encrypt automatically)
+    
+    # Reverse proxy to Flask app
+    reverse_proxy digiserver:5000 {
+        # Headers
+        header_up Host {host}
+        header_up X-Real-IP {remote_host}
+        header_up X-Forwarded-For {remote_host}
+        header_up X-Forwarded-Proto {scheme}
+        
+        # Timeouts for large uploads
+        transport http {
+            read_timeout 300s
+            write_timeout 300s
+        }
+    }
+    
+    # File upload size limit (2GB)
+    request_body {
+        max_size 2GB
+    }
+    
+    # Security headers
+    header {
+        Strict-Transport-Security "max-age=31536000; includeSubDomains"
+        X-Frame-Options "SAMEORIGIN"
+        X-Content-Type-Options "nosniff"
+        X-XSS-Protection "1; mode=block"
+    }
+    
+    # Logging
+    log {
+        output file /var/log/caddy/access.log
+    }
+}

app/config.py

@@ -87,9 +87,6 @@ class ProductionConfig(Config):
     # Security
     SESSION_COOKIE_SECURE = True
     WTF_CSRF_ENABLED = True
-    
-    # Rate Limiting
-    RATELIMIT_STORAGE_URL = f"redis://{os.getenv('REDIS_HOST', 'redis')}:6379/1"
 
 
 class TestingConfig(Config):

docker-compose.yml

@@ -4,8 +4,8 @@ services:
   digiserver:
     build: .
     container_name: digiserver-v2
-    ports:
-      - "80:5000"
+    expose:
+      - "5000"
     volumes:
       - ./instance:/app/instance
       - ./app/static/uploads:/app/app/static/uploads
@@ -21,14 +21,33 @@ services:
       timeout: 10s
       retries: 3
       start_period: 40s
+    networks:
+      - digiserver-network
 
-  # Optional: Redis for caching (uncomment if needed)
-  # redis:
-  #   image: redis:7-alpine
-  #   container_name: digiserver-redis
-  #   restart: unless-stopped
-  #   volumes:
-  #     - redis-data:/data
+  caddy:
+    image: caddy:2-alpine
+    container_name: digiserver-caddy
+    ports:
+      - "80:80"
+      - "443:443"
+      - "443:443/udp"  # HTTP/3
+    volumes:
+      - ./Caddyfile:/etc/caddy/Caddyfile:ro
+      - caddy-data:/data
+      - caddy-config:/config
+    environment:
+      - DOMAIN=${DOMAIN:-localhost}
+      - EMAIL=${EMAIL:-admin@localhost}
+    depends_on:
+      - digiserver
+    restart: unless-stopped
+    networks:
+      - digiserver-network
 
-# volumes:
-#   redis-data:
+networks:
+  digiserver-network:
+    driver: bridge
+
+volumes:
+  caddy-data:
+  caddy-config:

old_code_documentation/.env.example

@@ -5,13 +5,13 @@ FLASK_ENV=development
 # Security
 SECRET_KEY=change-this-to-a-random-secret-key
 
+# Domain & SSL (for HTTPS with Caddy)
+DOMAIN=your-domain.com
+EMAIL=admin@your-domain.com
+
 # Database
 DATABASE_URL=sqlite:///instance/dev.db
 
-# Redis (for production)
-REDIS_HOST=redis
-REDIS_PORT=6379
-
 # Admin User Credentials (used during initial Docker deployment)
 # These credentials are set when the database is first created
 ADMIN_USERNAME=admin

old_code_documentation/HTTPS_SETUP.md

@@ -0,0 +1,75 @@
+# DigiServer v2 - HTTPS Setup with Caddy
+
+This setup uses **Caddy** as a reverse proxy with automatic HTTPS via Let's Encrypt.
+
+## Quick Setup
+
+### 1. Configure Domain
+Create a `.env` file or edit the existing one:
+
+```bash
+cp .env.example .env
+```
+
+Edit `.env` and set:
+```
+DOMAIN=your-domain.com
+EMAIL=admin@your-domain.com
+```
+
+### 2. Point Your Domain
+Make sure your domain's DNS A record points to your server's IP address.
+
+### 3. Start Services
+```bash
+docker compose up -d
+```
+
+That's it! Caddy will **automatically**:
+- Obtain SSL certificates from Let's Encrypt
+- Renew certificates before expiration
+- Redirect HTTP to HTTPS
+- Enable HTTP/2 and HTTP/3
+
+## Access Your Site
+
+- **HTTP**: http://your-domain.com (redirects to HTTPS)
+- **HTTPS**: https://your-domain.com
+
+## Testing Locally (Without Domain)
+
+If you don't have a domain yet, leave DOMAIN as `localhost`:
+```
+DOMAIN=localhost
+```
+
+Then access: http://localhost (no HTTPS, but app works)
+
+## Certificate Storage
+
+SSL certificates are stored in Docker volumes:
+- `caddy-data` - Certificate data
+- `caddy-config` - Caddy configuration
+
+## Troubleshooting
+
+### Check Caddy logs:
+```bash
+docker logs digiserver-caddy
+```
+
+### Verify certificates:
+```bash
+docker exec digiserver-caddy caddy list-certificates
+```
+
+### Force certificate renewal:
+```bash
+docker exec digiserver-caddy caddy reload --config /etc/caddy/Caddyfile
+```
+
+## Port Forwarding
+
+Make sure your firewall/router allows:
+- Port 80 (HTTP - for Let's Encrypt challenge)
+- Port 443 (HTTPS)

old_code_documentation/clean_for_deployment.sh

@@ -4,7 +4,12 @@
 
 set -e
 
+# Get the root directory of the application
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+APP_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
+
 echo "🧹 Cleaning DigiServer v2 for deployment..."
+echo "📍 App root: $APP_ROOT"
 echo ""
 
 # Confirm action
@@ -18,6 +23,9 @@ fi
 echo ""
 echo "📦 Cleaning development data..."
 
+# Change to app root directory
+cd "$APP_ROOT"
+
 # Remove database files
 if [ -d "instance" ]; then
     echo "  🗄️  Removing database files..."

requirements.txt

@@ -16,9 +16,6 @@ Flask-Caching==2.1.0
 SQLAlchemy==2.0.37
 alembic==1.14.1
 
-# Redis (for caching in production)
-redis==5.0.1
-
 # Date parsing
 python-dateutil==2.9.0