
2 Commits

Author SHA1 Message Date
DigiServer Admin
0dfeb0ef7f modified 2025-12-12 15:52:04 +02:00
DigiServer Admin
4a9616a0f7 Add HTTPS support with Caddy and clean up legacy files
- Add Caddy reverse proxy for automatic HTTPS with Let's Encrypt
- Update docker-compose.yml with Caddy service and internal networking
- Remove all Redis dependencies (not needed for this deployment)
- Fix Dockerfile permissions for instance and uploads directories
- Move legacy scripts to old_code_documentation folder
  - add_muted_column.py, check_fix_player.py, migrate_add_edit_enabled.py
  - docker-start.sh, run_dev.sh, start.sh, clean_for_deployment.sh
- Add HTTPS_SETUP.md documentation for Caddy configuration
- Update .env.example with DOMAIN and EMAIL variables
- Remove redis package from requirements.txt
- Remove rate limiting Redis storage from config.py
2025-12-11 16:56:44 +02:00
14 changed files with 163 additions and 24 deletions

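--- a/Caddyfile
+++ b/Caddyfile
@@ -0,0 +1,43 @@
+{
+# Global options
+email {$EMAIL}
+# Uncomment for testing to avoid rate limits
+# acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
+}
+{$DOMAIN:localhost} {
+# Automatic HTTPS (Caddy handles Let's Encrypt automatically)
+# Reverse proxy to Flask app
+reverse_proxy digiserver:5000 {
+# Headers
+header_up Host {host}
+header_up X-Real-IP {remote_host}
+header_up X-Forwarded-For {remote_host}
+header_up X-Forwarded-Proto {scheme}
+# Timeouts for large uploads
+transport http {
+read_timeout 300s
+write_timeout 300s
+}
+}
+# File upload size limit (2GB)
+request_body {
+max_size 2GB
+}
+# Security headers
+header {
+Strict-Transport-Security "max-age=31536000; includeSubDomains"
+X-Frame-Options "SAMEORIGIN"
+X-Content-Type-Options "nosniff"
+X-XSS-Protection "1; mode=block"
+}
+# Logging
+log {
+output file /var/log/caddy/access.log
+}
+}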
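Review bot: The `request_body { max_size 2GB }` block has no matcher, so every route on the site, including any unauthenticated ones, will accept a 2 GB body, and the 300s transport timeouts let each such request occupy the backend for a long time. Give the directive a path matcher limited to the upload route, e.g. `request_body <UPLOAD_ROUTE_PLACEHOLDER> {`, and confirm the Flask side enforces its own cap (`MAX_CONTENT_LENGTH`) rather than relying on the proxy alone. Separately, `X-XSS-Protection "1; mode=block"` is deprecated in current browsers; I would drop it and add a `Content-Security-Policy` header instead. The `header_up` lines for Host, X-Forwarded-For and X-Forwarded-Proto also look redundant, since Caddy's `reverse_proxy` already passes Host through and sets those forwarded headers itself.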


@@ -4,15 +4,15 @@ FROM python:3.13-slim
# Set working directory # Set working directory
WORKDIR /app WORKDIR /app
# Install system dependencies # Install system dependencies including LibreOffice for PPTX conversion
# Note: LibreOffice is excluded from the base image to reduce size (~500MB)
# It can be installed on-demand via the Admin Panel → System Dependencies
RUN apt-get update && apt-get install -y \ RUN apt-get update && apt-get install -y \
poppler-utils \ poppler-utils \
ffmpeg \ ffmpeg \
libmagic1 \ libmagic1 \
sudo \ sudo \
fonts-noto-color-emoji \ fonts-noto-color-emoji \
libreoffice \
libreoffice-impress \
&& rm -rf /var/lib/apt/lists/* && rm -rf /var/lib/apt/lists/*
# Copy requirements first for better caching # Copy requirements first for better caching
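Review bot: The install list now carries both `libreoffice` and `libreoffice-impress` with recommended packages enabled, which pulls the whole office suite and its document parsers into an image that also ships `sudo`; I am reading the right-hand column of this rendering as the new side. If only PPTX conversion is needed, `libreoffice-impress` alone with `apt-get install -y --no-install-recommends` should be enough and keeps the attack surface for handling uploaded presentations smaller. The converter presumably runs on user-supplied files, so it is worth confirming outside this hunk that it runs as the unprivileged app user with a timeout, and whether `sudo` is still required now that LibreOffice is no longer installed on demand.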


@@ -87,9 +87,6 @@ class ProductionConfig(Config):
# Security # Security
SESSION_COOKIE_SECURE = True SESSION_COOKIE_SECURE = True
WTF_CSRF_ENABLED = True WTF_CSRF_ENABLED = True
# Rate Limiting
RATELIMIT_STORAGE_URL = f"redis://{os.getenv('REDIS_HOST', 'redis')}:6379/1"
class TestingConfig(Config): class TestingConfig(Config):


@@ -4,8 +4,8 @@ services:
digiserver: digiserver:
build: . build: .
container_name: digiserver-v2 container_name: digiserver-v2
ports: expose:
- "80:5000" - "5000"
volumes: volumes:
- ./instance:/app/instance - ./instance:/app/instance
- ./app/static/uploads:/app/app/static/uploads - ./app/static/uploads:/app/app/static/uploads
@@ -21,14 +21,33 @@ services:
timeout: 10s timeout: 10s
retries: 3 retries: 3
start_period: 40s start_period: 40s
networks:
- digiserver-network
# Optional: Redis for caching (uncomment if needed) caddy:
# redis: image: caddy:2-alpine
# image: redis:7-alpine container_name: digiserver-caddy
# container_name: digiserver-redis ports:
# restart: unless-stopped - "80:80"
# volumes: - "443:443"
# - redis-data:/data - "443:443/udp" # HTTP/3
volumes:
- ./Caddyfile:/etc/caddy/Caddyfile:ro
- caddy-data:/data
- caddy-config:/config
environment:
- DOMAIN=${DOMAIN:-localhost}
- EMAIL=${EMAIL:-admin@localhost}
depends_on:
- digiserver
restart: unless-stopped
networks:
- digiserver-network
# volumes: networks:
# redis-data: digiserver-network:
driver: bridge
volumes:
caddy-data:
caddy-config:
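Review bot: The `caddy` service mounts only the Caddyfile, `caddy-data` and `caddy-config`, while the Caddyfile in this commit logs to `/var/log/caddy/access.log`, so access logs land in the container's writable layer: they are lost when the container is recreated and do not show up in `docker logs digiserver-caddy`. Add a named volume such as `- caddy-logs:/var/log/caddy` (and declare `caddy-logs:` under `volumes:`), or switch the Caddyfile to stdout logging so the Docker log driver collects it. Two smaller points in the same service: `image: caddy:2-alpine` is a floating tag, so pinning a specific version or digest would make deploys reproducible, and the `EMAIL=${EMAIL:-admin@localhost}` default will likely be refused as an ACME contact once a real `DOMAIN` is set, so failing on a missing value may be safer than defaulting.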


@@ -5,13 +5,13 @@ FLASK_ENV=development
# Security # Security
SECRET_KEY=change-this-to-a-random-secret-key SECRET_KEY=change-this-to-a-random-secret-key
# Domain & SSL (for HTTPS with Caddy)
DOMAIN=your-domain.com
EMAIL=admin@your-domain.com
# Database # Database
DATABASE_URL=sqlite:///instance/dev.db DATABASE_URL=sqlite:///instance/dev.db
# Redis (for production)
REDIS_HOST=redis
REDIS_PORT=6379
# Admin User Credentials (used during initial Docker deployment) # Admin User Credentials (used during initial Docker deployment)
# These credentials are set when the database is first created # These credentials are set when the database is first created
ADMIN_USERNAME=admin ADMIN_USERNAME=admin


@@ -0,0 +1,75 @@
# DigiServer v2 - HTTPS Setup with Caddy
This setup uses **Caddy** as a reverse proxy with automatic HTTPS via Let's Encrypt.
## Quick Setup
### 1. Configure Domain
Create a `.env` file or edit the existing one:
```bash
cp .env.example .env
```
Edit `.env` and set:
```
DOMAIN=your-domain.com
EMAIL=admin@your-domain.com
```
### 2. Point Your Domain
Make sure your domain's DNS A record points to your server's IP address.
### 3. Start Services
```bash
docker compose up -d
```
That's it! Caddy will **automatically**:
- Obtain SSL certificates from Let's Encrypt
- Renew certificates before expiration
- Redirect HTTP to HTTPS
- Enable HTTP/2 and HTTP/3
## Access Your Site
- **HTTP**: http://your-domain.com (redirects to HTTPS)
- **HTTPS**: https://your-domain.com
## Testing Locally (Without Domain)
If you don't have a domain yet, leave DOMAIN as `localhost`:
```
DOMAIN=localhost
```
Then access: http://localhost (no HTTPS, but app works)
## Certificate Storage
SSL certificates are stored in Docker volumes:
- `caddy-data` - Certificate data
- `caddy-config` - Caddy configuration
## Troubleshooting
### Check Caddy logs:
```bash
docker logs digiserver-caddy
```
### Verify certificates:
```bash
docker exec digiserver-caddy caddy list-certificates
```
### Force certificate renewal:
```bash
docker exec digiserver-caddy caddy reload --config /etc/caddy/Caddyfile
```
## Port Forwarding
Make sure your firewall/router allows:
- Port 80 (HTTP - for Let's Encrypt challenge)
- Port 443 (HTTPS)


@@ -4,7 +4,12 @@
set -e set -e
# Get the root directory of the application
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
APP_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
echo "🧹 Cleaning DigiServer v2 for deployment..." echo "🧹 Cleaning DigiServer v2 for deployment..."
echo "📍 App root: $APP_ROOT"
echo "" echo ""
# Confirm action # Confirm action
@@ -18,6 +23,9 @@ fi
echo "" echo ""
echo "📦 Cleaning development data..." echo "📦 Cleaning development data..."
# Change to app root directory
cd "$APP_ROOT"
# Remove database files # Remove database files
if [ -d "instance" ]; then if [ -d "instance" ]; then
echo " 🗄️ Removing database files..." echo " 🗄️ Removing database files..."
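Review bot: `APP_ROOT` is derived purely from the script's location (`$SCRIPT_DIR/..`), and the second hunk does `cd "$APP_ROOT"` right before the relative cleanup steps, so a copy or symlink of this script placed elsewhere would clean whatever sits one level above it. Before the `cd`, check that the directory really is the application, for example `[ -f "$APP_ROOT/docker-compose.yml" ] || { echo "Not a DigiServer checkout: $APP_ROOT" >&2; exit 1; }`. `BASH_SOURCE[0]` is not resolved through symlinks, which is the case this guard covers. The `if [ -d "instance" ]` block continues past the end of the hunk, so the actual removal commands are not visible here.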


@@ -16,9 +16,6 @@ Flask-Caching==2.1.0
SQLAlchemy==2.0.37 SQLAlchemy==2.0.37
alembic==1.14.1 alembic==1.14.1
# Redis (for caching in production)
redis==5.0.1
# Date parsing # Date parsing
python-dateutil==2.9.0 python-dateutil==2.9.0