# DigiServer v2 - HTTPS Setup with Caddy

This setup uses **Caddy** as a reverse proxy with automatic HTTPS via Let's Encrypt.

## Quick Setup

### 1. Configure Domain
Create a `.env` file or edit the existing one:

```bash
cp .env.example .env
```

Edit `.env` and set:
```
DOMAIN=your-domain.com
EMAIL=admin@your-domain.com
```

### 2. Point Your Domain
Make sure your domain's DNS A record points to your server's IP address.

### 3. Start Services
```bash
docker compose up -d
```

That's it! Caddy will **automatically**:
- Obtain SSL certificates from Let's Encrypt
- Renew certificates before expiration
- Redirect HTTP to HTTPS
- Enable HTTP/2 and HTTP/3

## Access Your Site

- **HTTP**: http://your-domain.com (redirects to HTTPS)
- **HTTPS**: https://your-domain.com

## Testing Locally (Without Domain)

If you don't have a domain yet, leave DOMAIN as `localhost`:
```
DOMAIN=localhost
```

Then access: http://localhost (no HTTPS, but app works)

## Certificate Storage

SSL certificates are stored in Docker volumes:
- `caddy-data` - Certificate data
- `caddy-config` - Caddy configuration

## Troubleshooting

### Check Caddy logs:
```bash
docker logs digiserver-caddy
```

### Verify certificates:
```bash
docker exec digiserver-caddy caddy list-certificates
```

### Force certificate renewal:
```bash
docker exec digiserver-caddy caddy reload --config /etc/caddy/Caddyfile
```

## Port Forwarding

Make sure your firewall/router allows:
- Port 80 (HTTP - for Let's Encrypt challenge)
- Port 443 (HTTPS)