feat: Complete HTTPS multi-endpoint configuration and deployment automation

- Enhanced Caddyfile with consolidated HTTPS block supporting all access points - Added support for https://digiserver, https://10.76.152.164, and https://digiserver.sibiusb.harting.intra - Configured Caddy reverse proxy with HTTP/3 (QUIC), TLS 1.3+, and HTTP/2 support - Implemented security headers (X-Frame-Options, X-Content-Type-Options, X-XSS-Protection) - Added HTTP to HTTPS automatic redirects for all endpoints - Enhanced setup_https.sh with improved error handling and progress reporting - Created deploy.sh for fully automated one-command deployment - Added comprehensive deployment documentation (5 guides) - Configured 2GB file upload limit and 300s request/response timeouts - Added Caddy admin API on port 2019 for configuration management - Implemented health checks and container dependency management - All volumes persistent and properly isolated - Production-ready configuration with environment variable parameterization
2026-01-14 20:40:26 +02:00
parent 361e0bc459
commit cedb411536
10 changed files with 1924 additions and 41 deletions
--- a/old_code_documentation/DOCKER_EXEC_COMMANDS.md
+++ b/old_code_documentation/DOCKER_EXEC_COMMANDS.md
@@ -0,0 +1,353 @@
+# DigiServer Docker Exec Commands - Quick Reference
+
+Quick reference guide for common `docker exec` commands used in DigiServer deployment and maintenance.
+
+## 🚀 Quick Start
+
+### Complete Automated Deployment
+```bash
+./deploy.sh
+```
+
+### Manual Step-by-Step Setup
+```bash
+./setup_https.sh
+```
+
+---
+
+## 📊 Database Migrations
+
+Run migrations in this order:
+
+```bash
+# 1. HTTPS Configuration table
+docker-compose exec -T digiserver-app python /app/migrations/add_https_config_table.py
+
+# 2. Player User table
+docker-compose exec -T digiserver-app python /app/migrations/add_player_user_table.py
+
+# 3. Email column for HTTPS config
+docker-compose exec -T digiserver-app python /app/migrations/add_email_to_https_config.py
+
+# 4. Player User global migration
+docker-compose exec -T digiserver-app python /app/migrations/migrate_player_user_global.py
+```
+
+---
+
+## 🔒 HTTPS Configuration Management
+
+### Check HTTPS Status
+```bash
+docker-compose exec -T digiserver-app python /app/https_manager.py status
+```
+
+### Show Detailed Configuration
+```bash
+docker-compose exec -T digiserver-app python /app/https_manager.py show
+```
+
+### Enable HTTPS (Production Settings)
+```bash
+docker-compose exec -T digiserver-app python /app/https_manager.py enable \
+    digiserver \
+    digiserver.sibiusb.harting.intra \
+    admin@example.com \
+    10.76.152.164 \
+    443
+```
+
+### Disable HTTPS
+```bash
+docker-compose exec -T digiserver-app python /app/https_manager.py disable
+```
+
+---
+
+## 👤 User Management
+
+### Create Admin User
+```bash
+docker-compose exec -T digiserver-app python -c "
+from app.app import create_app
+from app.models.user import User
+from app.extensions import db
+
+app = create_app()
+with app.app_context():
+    admin = User.query.filter_by(username='admin').first()
+    if not admin:
+        admin = User(username='admin', email='admin@example.com')
+        admin.set_password('admin123')
+        admin.is_admin = True
+        db.session.add(admin)
+        db.session.commit()
+        print('✅ Admin user created')
+    else:
+        print('✅ Admin user already exists')
+"
+```
+
+### Reset Admin Password
+```bash
+docker-compose exec -T digiserver-app python -c "
+from app.app import create_app
+from app.models.user import User
+from app.extensions import db
+
+app = create_app()
+with app.app_context():
+    admin = User.query.filter_by(username='admin').first()
+    if admin:
+        admin.set_password('newpassword123')
+        db.session.commit()
+        print('✅ Admin password reset successfully')
+    else:
+        print('❌ Admin user not found')
+"
+```
+
+---
+
+## 🔍 Database Inspection
+
+### List All Tables
+```bash
+docker-compose exec -T digiserver-app python -c "
+from app.app import create_app
+from sqlalchemy import inspect
+
+app = create_app()
+with app.app_context():
+    inspector = inspect(app.extensions.db.engine)
+    tables = inspector.get_table_names()
+    for table in sorted(tables):
+        print(f'  ✓ {table}')
+    print(f'Total: {len(tables)} tables')
+"
+```
+
+### Check HTTPS Configuration Record
+```bash
+docker-compose exec -T digiserver-app python -c "
+from app.app import create_app
+from app.models.https_config import HTTPSConfig
+
+app = create_app()
+with app.app_context():
+    config = HTTPSConfig.get_config()
+    if config:
+        print('HTTPS Configuration:')
+        print(f'  Status:     {\"ENABLED\" if config.https_enabled else \"DISABLED\"}')
+        print(f'  Hostname:   {config.hostname}')
+        print(f'  Domain:     {config.domain}')
+        print(f'  IP:         {config.ip_address}')
+        print(f'  Port:       {config.port}')
+        print(f'  Updated:    {config.updated_at}')
+        print(f'  Updated by: {config.updated_by}')
+    else:
+        print('No configuration found')
+"
+```
+
+### Count Users
+```bash
+docker-compose exec -T digiserver-app python -c "
+from app.app import create_app
+from app.models.user import User
+
+app = create_app()
+with app.app_context():
+    count = User.query.count()
+    print(f'Total users: {count}')
+    admins = User.query.filter_by(is_admin=True).count()
+    print(f'Admin users: {admins}')
+"
+```
+
+---
+
+## 🧪 Health Checks
+
+### Check Flask Application
+```bash
+docker-compose exec -T digiserver-app python -c "
+import urllib.request
+try:
+    response = urllib.request.urlopen('http://localhost:5000/', timeout=5)
+    print(f'✅ Application responding (HTTP {response.status})')
+except Exception as e:
+    print(f'❌ Application error: {e}')
+"
+```
+
+### Validate Caddy Configuration
+```bash
+docker-compose exec -T caddy caddy validate --config /etc/caddy/Caddyfile
+```
+
+### Test HTTPS from Container
+```bash
+docker-compose exec -T caddy wget --no-check-certificate -qO- https://localhost/ | head -10
+```
+
+---
+
+## 🛠️ Maintenance Commands
+
+### View Caddy Configuration
+```bash
+docker-compose exec -T caddy cat /etc/caddy/Caddyfile
+```
+
+### Reload Caddy Configuration
+```bash
+docker-compose exec -T caddy caddy reload --config /etc/caddy/Caddyfile
+```
+
+### View Application Logs (Last 50 lines)
+```bash
+docker-compose logs --tail=50 digiserver-app
+```
+
+### View Caddy Logs (Last 50 lines)
+```bash
+docker-compose logs --tail=50 caddy
+```
+
+### Clear All Logs
+```bash
+docker-compose logs --clear
+```
+
+---
+
+## 🔄 Container Management
+
+### Restart All Containers
+```bash
+docker-compose restart
+```
+
+### Restart Specific Container
+```bash
+# Restart application
+docker-compose restart digiserver-app
+
+# Restart Caddy
+docker-compose restart caddy
+```
+
+### Stop All Containers
+```bash
+docker-compose stop
+```
+
+### Start All Containers
+```bash
+docker-compose start
+```
+
+### Remove Everything (Clean slate)
+```bash
+docker-compose down
+```
+
+### Remove Everything Including Volumes (Full cleanup)
+```bash
+docker-compose down -v
+```
+
+---
+
+## 📦 Backup and Recovery
+
+### Backup Database
+```bash
+docker-compose exec -T digiserver-app python -c "
+from app.app import create_app
+import shutil
+from datetime import datetime
+
+app = create_app()
+timestamp = datetime.now().strftime('%Y%m%d_%H%M%S')
+backup_name = f'digiserver_{timestamp}.db'
+
+with app.app_context():
+    # Get database path
+    db_path = app.instance_path + '/digiserver.db'
+    shutil.copy(db_path, f'/app/backups/{backup_name}')
+    print(f'✅ Backup created: {backup_name}')
+"
+```
+
+### List Database Backups
+```bash
+docker-compose exec -T digiserver-app ls -lah /app/backups/
+```
+
+---
+
+## 🚨 Troubleshooting
+
+### Common Issues
+
+**Containers won't start:**
+```bash
+# Check logs
+docker-compose logs
+
+# Try rebuild
+docker-compose up -d --build
+```
+
+**Migration fails:**
+```bash
+# Check database connection
+docker-compose exec -T digiserver-app python -c "
+from app.app import create_app
+app = create_app()
+print('✅ Database connection OK')
+"
+```
+
+**Certificate issues:**
+```bash
+# Clear Caddy cache
+docker volume rm digiserver-v2_caddy-data
+docker volume rm digiserver-v2_caddy-config
+
+# Restart Caddy
+docker-compose restart caddy
+```
+
+**Port conflicts:**
+```bash
+# Find what's using port 443
+lsof -i :443
+
+# Find what's using port 80
+lsof -i :80
+```
+
+---
+
+## 📝 Tips and Notes
+
+- **`-T` flag**: Prevents Docker from allocating a pseudo-terminal (use in scripts)
+- **No `-T` flag**: Allocates a terminal (use for interactive commands)
+- **Container name**: `digiserver-app` (Flask application)
+- **Container name**: `digiserver-caddy` (Reverse proxy)
+- **Network**: `digiserver-v2_digiserver-network`
+- **Database**: SQLite at `/app/instance/digiserver.db`
+
+---
+
+## 🔗 Related Documentation
+
+- [DEPLOYMENT_COMMANDS.md](DEPLOYMENT_COMMANDS.md) - Complete deployment guide
+- [setup_https.sh](setup_https.sh) - Semi-automated setup script
+- [deploy.sh](deploy.sh) - Fully automated deployment script
+- [HTTPS_CONFIGURATION.md](old_code_documentation/HTTPS_CONFIGURATION.md) - HTTPS details
+