From fc4c8a7474909c46dfd944fc305029e2ab58fbf0 Mon Sep 17 00:00:00 2001
From: Quality App Developer <dev@quality-app.local>
Date: Tue, 13 Jan 2026 14:28:07 +0200
Subject: [PATCH] Enable Caddy reverse proxy with automatic HTTPS on port 443

---
 docker-compose.yml | 62 ++++++++++++++++++++++------------------------
 1 file changed, 30 insertions(+), 32 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index ba8ba8c..997369b 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -4,8 +4,9 @@ services:
   digiserver:
     build: .
     container_name: digiserver-v2
+    # Don't expose directly; use Caddy reverse proxy instead
     ports:
-      - "8080:5000"  # Expose for nginx reverse proxy
+      - "5000"  # Internal only, accessed via Caddy
     volumes:
       - ./instance:/app/instance
       - ./app/static/uploads:/app/app/static/uploads
@@ -21,37 +22,34 @@ services:
       timeout: 10s
       retries: 3
       start_period: 40s
-    # Commented out network when using external nginx proxy
-    # networks:
-    #   - digiserver-network
+    networks:
+      - digiserver-network
 
-  # Caddy reverse proxy (commented out when using external nginx)
-  # Uncomment the section below if you want standalone deployment with automatic HTTPS
-  # caddy:
-  #   image: caddy:2-alpine
-  #   container_name: digiserver-caddy
-  #   ports:
-  #     - "80:80"
-  #     - "443:443"
-  #     - "443:443/udp"  # HTTP/3
-  #   volumes:
-  #     - ./Caddyfile:/etc/caddy/Caddyfile:ro
-  #     - caddy-data:/data
-  #     - caddy-config:/config
-  #   environment:
-  #     - DOMAIN=${DOMAIN:-localhost}
-  #     - EMAIL=${EMAIL:-admin@localhost}
-  #   depends_on:
-  #     - digiserver
-  #   restart: unless-stopped
-  #   networks:
-  #     - digiserver-network
+  # Caddy reverse proxy with automatic HTTPS
+  caddy:
+    image: caddy:2-alpine
+    container_name: digiserver-caddy
+    ports:
+      - "80:80"
+      - "443:443"
+      - "443:443/udp"  # HTTP/3 support
+    volumes:
+      - ./Caddyfile:/etc/caddy/Caddyfile:ro
+      - caddy-data:/data
+      - caddy-config:/config
+    environment:
+      - DOMAIN=${DOMAIN:-localhost}
+      - EMAIL=${EMAIL:-admin@localhost}
+    depends_on:
+      - digiserver
+    restart: unless-stopped
+    networks:
+      - digiserver-network
 
-# Commented out when using external nginx proxy
-# networks:
-#   digiserver-network:
-#     driver: bridge
+networks:
+  digiserver-network:
+    driver: bridge
 
-# volumes:
-#   caddy-data:
-#   caddy-config:
+volumes:
+  caddy-data:
+  caddy-config: