- Add HTTPSConfig model for managing HTTPS settings
- Add admin routes for HTTPS configuration management
- Add beautiful admin template for HTTPS configuration
- Add database migration for https_config table
- Add CLI utility for HTTPS management
- Add setup script for automated configuration
- Add Caddy configuration generator and manager
- Add comprehensive documentation (3 guides)
- Add HTTPS Configuration card to admin dashboard
- Implement input validation and security features
- Add admin-only access control with audit trail
- Add real-time configuration preview
- Integrate with existing Caddy reverse proxy

Features:
- Enable/disable HTTPS from web interface
- Configure domain, hostname, IP address, port
- Automatic SSL certificate management via Let's Encrypt
- Real-time Caddyfile generation and reload
- Full audit trail with admin username and timestamps
- Support for HTTPS and HTTP fallback access points
- Beautiful, mobile-responsive UI

Modified files:
- app/models/__init__.py (added HTTPSConfig import)
- app/blueprints/admin.py (added HTTPS routes)
- app/templates/admin/admin.html (added HTTPS card)
- docker-compose.yml (added Caddyfile mount and admin port)

New files:
- app/models/https_config.py
- app/blueprints/https_config.html
- app/utils/caddy_manager.py
- https_manager.py
- setup_https.sh
- migrations/add_https_config_table.py
- migrations/add_email_to_https_config.py
- HTTPS_STATUS.txt
- Documentation files (3 markdown guides)
61 lines
1.3 KiB
Caddyfile
Executable File
{
    # Global options
    email admin@example.com
    # Admin API for configuration management (listen on all interfaces)
    admin 0.0.0.0:2019
    # Uncomment for testing to avoid rate limits
    # acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
}

# Shared reverse proxy configuration
(reverse_proxy_config) {
    reverse_proxy digiserver-app:5000 {
        header_up Host {host}
        header_up X-Real-IP {remote_host}
        header_up X-Forwarded-Proto {scheme}

        # Timeouts for large uploads
        transport http {
            read_timeout 300s
            write_timeout 300s
        }
    }

    # File upload size limit (2GB)
    request_body {
        max_size 2GB
    }

    # Security headers
    header {
        X-Frame-Options "SAMEORIGIN"
        X-Content-Type-Options "nosniff"
        X-XSS-Protection "1; mode=block"
    }

    # Logging
    log {
        output file /var/log/caddy/access.log
    }
}

# Localhost (development/local access)
http://localhost {
    import reverse_proxy_config
}

# Internal domain (HTTP only - internal use)
http://digiserver.sibiusb.harting.intra {
    import reverse_proxy_config
}

# Handle IP address access
http://10.76.152.164 {
    import reverse_proxy_config
}

# Catch-all for any other HTTP requests
http://* {
    import reverse_proxy_config
}
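A check for the `admin 0.0.0.0:2019` line above, as an added example that is not part of the repository: it reads a Caddyfile's global options block and reports whether the admin API, which can replace the running configuration, listens beyond loopback. The sample text and the function names are constructed for illustration, and the parser covers only the subset of Caddyfile syntax used here.

```python
import ipaddress

# Constructed sample: global options as in the Caddyfile above, plus one site block.
SAMPLE = """\
{
    email admin@example.com
    admin 0.0.0.0:2019
    # acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
}

http://localhost {
    import reverse_proxy_config
}
"""

DEFAULT_ADMIN = "localhost:2019"  # Caddy's default admin listener


def global_options(text):
    """Return top-level directive lines of the leading global options block."""
    found, depth = [], 0
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # simplification: '#' always starts a comment
        if not line:
            continue
        if depth == 0:
            if line != "{":
                return []  # file opens with a site block: no global options
            depth = 1
            continue
        before = depth
        depth += line.count("{") - line.count("}")
        if depth <= 0:
            break  # closing brace of the global options block
        if before == 1:
            found.append(line)
    return found


def check_admin(text):
    """Return (address, exposed); exposed is True unless the listener is loopback-only."""
    addr = DEFAULT_ADMIN
    for line in global_options(text):
        parts = line.split()
        if parts[0] == "admin" and len(parts) > 1 and parts[1] != "{":
            addr = parts[1]
    if addr == "off" or addr.startswith("unix/") or addr.startswith("localhost:"):
        return addr, False
    host = addr.rsplit(":", 1)[0].strip("[]")
    try:
        return addr, not ipaddress.ip_address(host).is_loopback
    except ValueError:
        return addr, True  # empty host (":2019") or a name: not provably loopback
```

A result of `True` means the listener is not limited to loopback, so reachability then depends on the container network and on which ports `docker-compose.yml` publishes.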