mirror/TimeTracker
1
0
Fork 0
mirror of https://github.com/DRYTRIX/TimeTracker.git synced 2025-12-31 00:09:58 -06:00
Code Issues Packages Projects Releases Wiki Activity

feat: Add HTTPS support with mkcert and automatic SSL configuration

Browse Source 
Add comprehensive HTTPS support with two deployment options:
- mkcert for local development with trusted certificates
- Automatic SSL with Let's Encrypt for production

HTTPS Implementation:
- Add docker-compose.https-mkcert.yml for local HTTPS development
- Add docker-compose.https-auto.yml for automatic SSL certificates
- Create Dockerfile.mkcert for certificate generation
- Add setup scripts (setup-https-mkcert.sh/bat)
- Add startup scripts (start-https.sh/bat)
- Add certificate generation script (generate-mkcert-certs.sh)

CSRF and IP Access Fixes:
- Fix CSRF token validation for IP-based access
- Add CSRF troubleshooting documentation
- Update configuration to handle various access patterns

Documentation:
- Add HTTPS_MKCERT_GUIDE.md with setup instructions
- Add README_HTTPS.md with general HTTPS documentation
- Add README_HTTPS_AUTO.md for automatic SSL setup
- Add AUTOMATIC_HTTPS_SUMMARY.md
- Add CSRF_IP_ACCESS_FIX.md and CSRF_IP_FIX_SUMMARY.md
- Add docs/CSRF_IP_ACCESS_GUIDE.md
- Update main README.md with HTTPS information

Configuration:
- Update .gitignore for SSL certificates and nginx configs
- Update env.example with new HTTPS-related variables
- Update docker-compose.yml with SSL configuration options

This enables secure HTTPS access in both development and production
environments while maintaining compatibility with existing deployments.
This commit is contained in:
Dries Peeters
2025-10-13 18:32:45 +02:00
parent e61c628526
commit 94e8e49439
25 changed files with 3527 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
docker-compose.https-auto.yml Normal file
View File

@@ -0,0 +1,35 @@
services:
# Certificate generator - runs once to create certificates
certgen:
image: alpine:latest
container_name: timetracker-certgen
volumes:
- ./nginx/ssl:/certs
- ./scripts:/scripts:ro
command: sh /scripts/generate-certs.sh
restart: "no"
nginx:
image: nginx:alpine
container_name: timetracker-nginx
ports:
- "80:80"
- "443:443"
volumes:
- ./nginx/conf.d:/etc/nginx/conf.d:ro
- ./nginx/ssl:/etc/nginx/ssl:ro
depends_on:
certgen:
condition: service_completed_successfully
app:
condition: service_started
restart: unless-stopped
app:
ports: [] # nginx handles all ports
environment:
- WTF_CSRF_SSL_STRICT=true
- SESSION_COOKIE_SECURE=true
- CSRF_COOKIE_SECURE=true
restart: unless-stopped