mirror/TimeTracker
1
0
Fork 0
mirror of https://github.com/DRYTRIX/TimeTracker.git synced 2026-02-14 16:38:41 -06:00
Code Issues Packages Projects Releases Wiki Activity
Files
53c58ec43e218b2fc1681672e85124dc11331bd7
TimeTracker/docs/admin/security/README_HTTPS.md
Dries Peeters 29f7186ee8 docs: Reorganize documentation structure for better navigation 
Complete reorganization of project documentation to improve discoverability,
navigation, and maintainability. All documentation has been restructured into
a clear, role-based hierarchy.

## Major Changes

### New Directory Structure
- Created `docs/api/` for API documentation
- Created `docs/admin/` with subdirectories:
  - `admin/configuration/` - Configuration guides
  - `admin/deployment/` - Deployment guides
  - `admin/security/` - Security documentation
  - `admin/monitoring/` - Monitoring and analytics
- Created `docs/development/` for developer documentation
- Created `docs/guides/` for user-facing guides
- Created `docs/reports/` for analysis reports and summaries
- Created `docs/changelog/` for detailed changelog entries (ready for future use)

### File Organization

#### Moved from Root Directory (40+ files)
- Implementation notes → `docs/implementation-notes/`
- Test reports → `docs/testing/`
- Analysis reports → `docs/reports/`
- User guides → `docs/guides/`

#### Reorganized within docs/
- API documentation → `docs/api/`
- Administrator documentation → `docs/admin/` (with subdirectories)
- Developer documentation → `docs/development/`
- Security documentation → `docs/admin/security/`
- Telemetry documentation → `docs/admin/monitoring/`

### Documentation Updates

#### docs/README.md
- Complete rewrite with improved navigation
- Added visual documentation map
- Organized by role (Users, Administrators, Developers)
- Better categorization and quick links
- Updated all internal links to new structure

#### README.md (root)
- Updated all documentation links to reflect new structure
- Fixed 8 broken links

#### app/templates/main/help.html
- Enhanced "Where can I get additional help?" section
- Added links to new documentation structure
- Added documentation index link
- Added admin documentation link for administrators
- Improved footer with organized documentation links
- Added "Complete Documentation" section with role-based links

### New Index Files
- Created README.md files for all new directories:
  - `docs/api/README.md`
  - `docs/guides/README.md`
  - `docs/reports/README.md`
  - `docs/development/README.md`
  - `docs/admin/README.md`

### Cleanup
- Removed empty `docs/security/` directory (moved to `admin/security/`)
- Removed empty `docs/telemetry/` directory (moved to `admin/monitoring/`)
- Root directory now only contains: README.md, CHANGELOG.md, LICENSE

## Results

**Before:**
- 45+ markdown files cluttering root directory
- Documentation scattered across root and docs/
- Difficult to find relevant documentation
- No clear organization structure

**After:**
- 3 files in root directory (README, CHANGELOG, LICENSE)
- Clear directory structure organized by purpose and audience
- Easy navigation with role-based organization
- All documentation properly categorized
- Improved discoverability

## Benefits

1. Better Organization - Documentation grouped by purpose and audience
2. Easier Navigation - Role-based sections (Users, Admins, Developers)
3. Improved Discoverability - Clear structure with README files in each directory
4. Cleaner Root - Only essential files at project root
5. Maintainability - Easier to add and organize new documentation

## Files Changed

- 40+ files moved from root to appropriate docs/ subdirectories
- 15+ files reorganized within docs/
- 3 major documentation files updated (docs/README.md, README.md, help.html)
- 5 new README index files created
- 2 empty directories removed

All internal links have been updated to reflect the new structure.
2025-12-14 07:56:07 +01:00

222 lines
4.2 KiB
Markdown
Raw Blame History

# 🔒 HTTPS Setup for TimeTracker
## Quick Start with mkcert
### 1. Install mkcert
**Windows:**
```powershell
choco install mkcert
```
**macOS:**
```bash
brew install mkcert
```
**Linux:**
```bash
# See HTTPS_MKCERT_GUIDE.md for detailed instructions
```
### 2. Run Setup Script
**Windows:**
```cmd
setup-https-mkcert.bat
```
**Linux/Mac:**
```bash
bash setup-https-mkcert.sh
```
### 3. Start with HTTPS
```bash
docker-compose -f docker-compose.yml -f docker-compose.https.yml up -d
```
### 4. Access Your App
```
https://localhost
https://192.168.1.100 (your actual IP)
```
**✅ No certificate warnings!**
**✅ Works with IP addresses!**
**✅ Secure HTTPS!**
---
## What the Script Does
1. ✅ Installs local Certificate Authority (trusted by your browser)
2. ✅ Generates SSL certificates for localhost + your IP
3. ✅ Creates nginx reverse proxy configuration
4. ✅ Creates docker-compose.https.yml
5. ✅ Updates .env with secure HTTPS settings:
- `WTF_CSRF_SSL_STRICT=true`
- `SESSION_COOKIE_SECURE=true`
- `CSRF_COOKIE_SECURE=true`
---
## Benefits
### Solves CSRF Cookie Issues
- ✅ CSRF cookies work correctly with IP addresses
- ✅ Strict security settings enabled
- ✅ No more "CSRF token missing or invalid" errors
### Secure Communication
- ✅ All traffic encrypted
- ✅ Trusted certificates (no warnings)
- ✅ Modern TLS 1.2/1.3
### Easy Management
- ✅ One command setup
- ✅ Valid for 10 years
- ✅ No renewal needed
---
## Access from Other Devices
To access from your phone, tablet, or other computers without warnings:
1. **Find CA location:**
```bash
mkcert -CAROOT
```
2. **Copy `rootCA.pem` to device**
3. **Install certificate on device:**
- iOS: Settings → Profile → Install
- Android: Settings → Security → Install certificate
- See [HTTPS_MKCERT_GUIDE.md](HTTPS_MKCERT_GUIDE.md) for details
4. **Access from device:**
```
https://192.168.1.100
```
---
## File Structure
After running the setup:
```
TimeTracker/
├── nginx/
│ ├── conf.d/
│ │ └── https.conf # nginx HTTPS config
│ └── ssl/
│ ├── cert.pem # SSL certificate (gitignored)
│ └── key.pem # Private key (gitignored)
├── docker-compose.yml # Base configuration
├── docker-compose.https.yml # HTTPS override (auto-generated)
├── setup-https-mkcert.sh # Linux/Mac setup script
├── setup-https-mkcert.bat # Windows setup script
└── .env # Updated with HTTPS settings
```
---
## Verification
### Check Certificate
1. Navigate to `https://localhost`
2. Click padlock icon in browser
3. View certificate → Should show "mkcert" with no warnings
### Check Cookies
1. Open DevTools (F12) → Application → Cookies
2. Verify `session` and `XSRF-TOKEN` cookies have `Secure` flag
### Test Application
1. Login
2. Create a project
3. Log time
4. Should work without any CSRF errors ✅
---
## Stopping HTTPS
To return to HTTP:
```bash
# Stop HTTPS setup
docker-compose -f docker-compose.yml -f docker-compose.https.yml down
# Start normally
docker-compose up -d
```
---
## Troubleshooting
### Certificate Warning Appears
```bash
# Reinstall CA
mkcert -install
# Restart browser completely
```
### nginx Won't Start
```bash
# Check if port is in use
netstat -ano | findstr :443 # Windows
lsof -i :443 # Linux/Mac
# Check logs
docker-compose logs nginx
```
### IP Address Not Working
```bash
# Regenerate with correct IP
mkcert -key-file nginx/ssl/key.pem -cert-file nginx/ssl/cert.pem \
localhost 127.0.0.1 ::1 YOUR_ACTUAL_IP *.local
# Restart
docker-compose restart nginx
```
---
## Complete Documentation
For detailed instructions, see:
- **[HTTPS_MKCERT_GUIDE.md](HTTPS_MKCERT_GUIDE.md)** - Complete mkcert guide
- **[CSRF_IP_ACCESS_FIX.md](CSRF_IP_ACCESS_FIX.md)** - CSRF troubleshooting
---
## Summary
**One command to HTTPS:**
```bash
bash setup-https-mkcert.sh
docker-compose -f docker-compose.yml -f docker-compose.https.yml up -d
```
**Result:**
✅ Secure HTTPS
✅ No certificate warnings
✅ Works with IP addresses
✅ CSRF cookies work perfectly
✅ Production-grade security settings
**Enjoy secure TimeTracker! 🔒**
Reference in New Issue View Git Blame Copy Permalink