ske087/digiserver-v2
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
48f1bfbcad285fd0ace13a369acef3b7362e2670
digiserver-v2/old_code_documentation/HTTPS_QUICK_REFERENCE.md
Quality App Developer 48f1bfbcad Add HTTPS configuration management system 
- Add HTTPSConfig model for managing HTTPS settings
- Add admin routes for HTTPS configuration management
- Add beautiful admin template for HTTPS configuration
- Add database migration for https_config table
- Add CLI utility for HTTPS management
- Add setup script for automated configuration
- Add Caddy configuration generator and manager
- Add comprehensive documentation (3 guides)
- Add HTTPS Configuration card to admin dashboard
- Implement input validation and security features
- Add admin-only access control with audit trail
- Add real-time configuration preview
- Integrate with existing Caddy reverse proxy

Features:
- Enable/disable HTTPS from web interface
- Configure domain, hostname, IP address, port
- Automatic SSL certificate management via Let's Encrypt
- Real-time Caddyfile generation and reload
- Full audit trail with admin username and timestamps
- Support for HTTPS and HTTP fallback access points
- Beautiful, mobile-responsive UI

Modified files:
- app/models/__init__.py (added HTTPSConfig import)
- app/blueprints/admin.py (added HTTPS routes)
- app/templates/admin/admin.html (added HTTPS card)
- docker-compose.yml (added Caddyfile mount and admin port)

New files:
- app/models/https_config.py
- app/blueprints/https_config.html
- app/utils/caddy_manager.py
- https_manager.py
- setup_https.sh
- migrations/add_https_config_table.py
- migrations/add_email_to_https_config.py
- HTTPS_STATUS.txt
- Documentation files (3 markdown guides)
2026-01-14 12:02:49 +02:00

260 lines
5.4 KiB
Markdown
Raw Blame History

# HTTPS Configuration - Quick Reference Guide
## 🎯 Quick Access
**Admin Panel Location:** Main Dashboard → 🔒 **HTTPS Configuration** (Purple card)
---
## ⚡ Quick Setup (5 Minutes)
### 1. Initial State
Your app is running on HTTP. Access: `http://10.76.152.164`
### 2. Navigate to HTTPS Config
- Admin Panel → 🔒 HTTPS Configuration
### 3. Configure (Fill In)
| Field | Value | Example |
|-------|-------|---------|
| Hostname | Server short name | `digiserver` |
| Domain | Full domain name | `digiserver.sibiusb.harting.intra` |
| IP Address | Server IP | `10.76.152.164` |
| Port | HTTPS port (default 443) | `443` |
### 4. Enable HTTPS
- Toggle: **Enable HTTPS**
- Click: **💾 Save HTTPS Configuration**
### 5. Verify
- ✅ Configuration shows as "ENABLED"
- ✅ Access via: `https://digiserver.sibiusb.harting.intra`
- ✅ Check status card for current settings
---
## 🔍 Status Display
### Enabled State ✅
```
✅ HTTPS ENABLED
Domain: digiserver.sibiusb.harting.intra
Hostname: digiserver
IP Address: 10.76.152.164
Port: 443
Access URL: https://digiserver.sibiusb.harting.intra
Last Updated: 2024-01-14 15:30:45 by admin
```
### Disabled State ⚠️
```
⚠️ HTTPS DISABLED
The application is currently running on HTTP only (port 80)
Enable HTTPS below to secure your application.
```
---
## 🔐 Access Points
### After HTTPS is Enabled
| Access Type | URL | Use Case |
|------------|-----|----------|
| **Primary (HTTPS)** | `https://digiserver.sibiusb.harting.intra` | Daily use, secure |
| **Fallback (HTTP)** | `http://10.76.152.164` | Troubleshooting, direct IP access |
---
## ✅ Prerequisites Checklist
Before enabling HTTPS:
- [ ] DNS resolves domain to IP: `nslookup digiserver.sibiusb.harting.intra`
- [ ] Firewall allows port 80 (HTTP)
- [ ] Firewall allows port 443 (HTTPS)
- [ ] Server IP is `10.76.152.164`
- [ ] Domain is `digiserver.sibiusb.harting.intra`
---
## 🐛 Troubleshooting
### HTTPS Not Working?
1. **Check Status**
- Admin → HTTPS Configuration
- Verify "HTTPS ENABLED" is shown
2. **Test DNS**
```bash
nslookup digiserver.sibiusb.harting.intra
```
Should resolve to: `10.76.152.164`
3. **Test Ports**
```bash
# Should be reachable
telnet 10.76.152.164 443
telnet 10.76.152.164 80
```
4. **Check Logs**
- Admin Panel → Server Logs
- Look for HTTPS enable/disable messages
5. **View Caddy Logs**
```bash
docker-compose logs caddy
```
### Domain Not Resolving?
**Add to hosts file** (temporary):
- Windows: `C:\Windows\System32\drivers\etc\hosts`
- Mac/Linux: `/etc/hosts`
Add line:
```
10.76.152.164 digiserver.sibiusb.harting.intra
```
---
## 📋 Common Tasks
### Enable HTTPS
1. Go to Admin → HTTPS Configuration
2. Toggle "Enable HTTPS"
3. Fill in hostname, domain, IP
4. Click "Save HTTPS Configuration"
### Disable HTTPS
1. Go to Admin → HTTPS Configuration
2. Toggle off "Enable HTTPS"
3. Click "Save HTTPS Configuration"
4. App returns to HTTP only
### Change Domain
1. Go to Admin → HTTPS Configuration
2. Update "Full Domain Name"
3. Click "Save HTTPS Configuration"
### Check Current Settings
1. Go to Admin → HTTPS Configuration
2. View status card at top
3. Shows all current settings
### View Configuration History
1. Admin Panel → Server Logs
2. Search for "HTTPS"
3. See all changes and who made them
---
## 🎯 Configuration Examples
### Default Setup (Already Provided)
```
Hostname: digiserver
Domain: digiserver.sibiusb.harting.intra
IP: 10.76.152.164
Port: 443
```
### Different IP
```
Hostname: digiserver
Domain: digiserver.sibiusb.harting.intra
IP: 10.76.152.165 ← Change this
Port: 443
```
### Different Domain
```
Hostname: myserver
Domain: myserver.company.local ← Change this
IP: 10.76.152.164
Port: 443
```
---
## 🔒 Security Notes
✅ **Admin-Only Feature**
- Only administrators can access this page
- All changes logged with admin username
✅ **Automatic SSL Certificates**
- Let's Encrypt manages certificates
- Auto-renewed before expiration
- No manual certificate management needed
✅ **Access Control**
- HTTP redirects to HTTPS automatically
- Security headers automatically added
- Safe for internal and external access
---
## 📞 Need Help?
1. **Check Documentation**
- See: `HTTPS_CONFIGURATION.md` for detailed guide
- See: `HTTPS_IMPLEMENTATION_SUMMARY.md` for architecture
2. **View Logs**
- Admin Panel → Server Logs
- Filter for HTTPS-related entries
3. **Test Configuration**
```bash
# Via CLI
python https_manager.py status
```
4. **Restart Application**
```bash
docker-compose restart
```
---
## 📊 Quick Status Check
**CLI Command:**
```bash
python https_manager.py status
```
**Output:**
```
==================================================
HTTPS Configuration Status
==================================================
Status: ✅ ENABLED
Hostname: digiserver
Domain: digiserver.sibiusb.harting.intra
IP Address: 10.76.152.164
Port: 443
Updated: 2024-01-14 15:30:45 by admin
Access URL: https://digiserver.sibiusb.harting.intra
Fallback: http://10.76.152.164
==================================================
```
---
## 🎉 You're All Set!
Your HTTPS configuration is ready to use. The system will:
- ✅ Manage SSL certificates automatically
- ✅ Keep them renewed
- ✅ Provide secure access
- ✅ Log all configuration changes
- ✅ Offer fallback HTTP access
**That's it! Your app is now secure!** 🔒
Reference in New Issue View Git Blame Copy Permalink