mirror/TimeTracker
1
0
Fork 0
mirror of https://github.com/DRYTRIX/TimeTracker.git synced 2026-01-07 20:20:30 -06:00
Code Issues Packages Projects Releases Wiki Activity
Files
85298e1d473a5a337fb7a137d2c381525770200d
TimeTracker/docs/security/README_HTTPS.md
Dries Peeters e4789cc26e feat: Add telemetry and analytics infrastructure with observability stack 
Implement comprehensive analytics and monitoring system with PostHog integration,
complete observability stack (Prometheus, Grafana, Loki, Promtail), and CI/CD
workflows for automated builds.

Features:
- Add PostHog telemetry integration with privacy-focused event tracking
- Implement installation flow for opt-in telemetry configuration
- Add telemetry management UI in admin panel with detailed transparency
- Track key user events across all major features (projects, tasks, timer, etc.)

Infrastructure:
- Set up Prometheus for metrics collection
- Configure Grafana for visualization dashboards
- Integrate Loki and Promtail for log aggregation
- Add separate analytics docker-compose configuration

CI/CD:
- Add GitHub Actions workflows for building and publishing Docker images
- Implement separate dev and production build pipelines
- Configure automated image publishing to registry

Documentation:
- Restructure documentation into organized docs/ directory
- Add comprehensive guides for telemetry, analytics, and local development
- Create transparency documentation for tracked events
- Add CI/CD and build configuration guides

Code improvements:
- Integrate telemetry hooks across all route handlers
- Add feature flags and configuration management
- Refactor test suite for analytics functionality
- Clean up root directory by moving docs and removing test artifacts

Breaking changes:
- Requires new environment variables for PostHog configuration
- Docker compose setup now supports analytics stack

Changes: 73 files changed, 955 insertions(+), 14126 deletions(-)
2025-10-20 14:38:57 +02:00

4.2 KiB
Raw Blame History

🔒 HTTPS Setup for TimeTracker

Quick Start with mkcert

1. Install mkcert

Windows:

choco install mkcert

macOS:

brew install mkcert

Linux:

# See HTTPS_MKCERT_GUIDE.md for detailed instructions

2. Run Setup Script

Windows:

setup-https-mkcert.bat

Linux/Mac:

bash setup-https-mkcert.sh

3. Start with HTTPS

docker-compose -f docker-compose.yml -f docker-compose.https.yml up -d

4. Access Your App

https://localhost
https://192.168.1.100  (your actual IP)

No certificate warnings! Works with IP addresses! Secure HTTPS!

What the Script Does

  1. Installs local Certificate Authority (trusted by your browser)
  2. Generates SSL certificates for localhost + your IP
  3. Creates nginx reverse proxy configuration
  4. Creates docker-compose.https.yml
  5. Updates .env with secure HTTPS settings:
    • WTF_CSRF_SSL_STRICT=true
    • SESSION_COOKIE_SECURE=true
    • CSRF_COOKIE_SECURE=true

Benefits

Solves CSRF Cookie Issues

  • CSRF cookies work correctly with IP addresses
  • Strict security settings enabled
  • No more "CSRF token missing or invalid" errors

Secure Communication

  • All traffic encrypted
  • Trusted certificates (no warnings)
  • Modern TLS 1.2/1.3

Easy Management

  • One command setup
  • Valid for 10 years
  • No renewal needed

Access from Other Devices

To access from your phone, tablet, or other computers without warnings:

  1. Find CA location:

    mkcert -CAROOT

  2. Copy rootCA.pem to device

  3. Install certificate on device:

    • iOS: Settings → Profile → Install
    • Android: Settings → Security → Install certificate
    • See HTTPS_MKCERT_GUIDE.md for details

  4. Access from device:

    https://192.168.1.100

File Structure

After running the setup:

TimeTracker/
├── nginx/
│   ├── conf.d/
│   │   └── https.conf          # nginx HTTPS config
│   └── ssl/
│       ├── cert.pem            # SSL certificate (gitignored)
│       └── key.pem             # Private key (gitignored)
├── docker-compose.yml          # Base configuration
├── docker-compose.https.yml    # HTTPS override (auto-generated)
├── setup-https-mkcert.sh      # Linux/Mac setup script
├── setup-https-mkcert.bat     # Windows setup script
└── .env                        # Updated with HTTPS settings

Verification

Check Certificate

  1. Navigate to https://localhost
  2. Click padlock icon in browser
  3. View certificate → Should show "mkcert" with no warnings

Check Cookies

  1. Open DevTools (F12) → Application → Cookies
  2. Verify session and XSRF-TOKEN cookies have Secure flag

Test Application

  1. Login
  2. Create a project
  3. Log time
  4. Should work without any CSRF errors

Stopping HTTPS

To return to HTTP:

# Stop HTTPS setup
docker-compose -f docker-compose.yml -f docker-compose.https.yml down

# Start normally
docker-compose up -d

Troubleshooting

Certificate Warning Appears

# Reinstall CA
mkcert -install

# Restart browser completely

nginx Won't Start

# Check if port is in use
netstat -ano | findstr :443     # Windows
lsof -i :443                    # Linux/Mac

# Check logs
docker-compose logs nginx

IP Address Not Working

# Regenerate with correct IP
mkcert -key-file nginx/ssl/key.pem -cert-file nginx/ssl/cert.pem \
  localhost 127.0.0.1 ::1 YOUR_ACTUAL_IP *.local

# Restart
docker-compose restart nginx

Complete Documentation

For detailed instructions, see:

Summary

One command to HTTPS:

bash setup-https-mkcert.sh
docker-compose -f docker-compose.yml -f docker-compose.https.yml up -d

Result: Secure HTTPS
No certificate warnings
Works with IP addresses
CSRF cookies work perfectly
Production-grade security settings

Enjoy secure TimeTracker! 🔒

Reference in New Issue View Git Blame Copy Permalink