cameleer/cameleer-saas
2
0
Fork 0
Code Issues 23 Pull Requests Actions Packages Projects Releases Wiki Activity

feat: production-ready TLS with self-signed cert init container
All checks were successful
CI / build (push) Successful in 39s
Details
CI / docker (push) Successful in 40s
Details

Browse Source 
Standard OIDC architecture: subdomain routing (auth.HOST, server.HOST),
TLS via Traefik, self-signed cert auto-generated on first boot.

- Add traefik-certs init container (generates wildcard self-signed cert)
- Enable TLS on all Traefik routers (websecure entrypoint)
- HTTP→HTTPS redirect in traefik.yml
- Host-based routing for all services (no more path conflicts)
- PUBLIC_PROTOCOL env var (https default, configurable)
- Protocol-aware redirect URIs in bootstrap
- Protocol-aware UI fallbacks

Customer bootstrap: set PUBLIC_HOST + DNS records + docker compose up.
For production TLS, configure Traefik ACME (Let's Encrypt).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
hsiegeln
2026-04-05 18:14:25 +02:00
parent 3694d4a7d6
commit e167d5475e
5 changed files with 59 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ui/src/components/Layout.tsx
View File

@@ -162,7 +162,7 @@ export function Layout() {
<Sidebar.FooterLink
icon={<ObsIcon />}
label="View Dashboard"
onClick={() => window.open(`http://server.${window.location.hostname}`, '_blank', 'noopener')}
onClick={() => window.open(`${window.location.protocol}//server.${window.location.hostname}`, '_blank', 'noopener')}
/>
{/* User info + logout */}