cameleer-saas

cameleer/cameleer-saas

Fork 0

Commit Graph

Author	SHA1	Message	Date
hsiegeln	1b2c962261	fix: root → /platform/ redirect via Traefik file config All checks were successful CI / build (push) Successful in 40s Details CI / docker (push) Successful in 5s Details Docker-compose label escaping mangles regex patterns. Use a separate Traefik dynamic config file instead — clean regex, proper 302 redirect. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-05 23:30:38 +02:00
hsiegeln	e167d5475e	feat: production-ready TLS with self-signed cert init container All checks were successful CI / build (push) Successful in 39s Details CI / docker (push) Successful in 40s Details Standard OIDC architecture: subdomain routing (auth.HOST, server.HOST), TLS via Traefik, self-signed cert auto-generated on first boot. - Add traefik-certs init container (generates wildcard self-signed cert) - Enable TLS on all Traefik routers (websecure entrypoint) - HTTP→HTTPS redirect in traefik.yml - Host-based routing for all services (no more path conflicts) - PUBLIC_PROTOCOL env var (https default, configurable) - Protocol-aware redirect URIs in bootstrap - Protocol-aware UI fallbacks Customer bootstrap: set PUBLIC_HOST + DNS records + docker compose up. For production TLS, configure Traefik ACME (Let's Encrypt). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-05 18:14:25 +02:00
hsiegeln	ab9ad1ab7f	feat: add Docker Compose production stack with Traefik + Logto 7-service stack: Traefik (reverse proxy), PostgreSQL (shared), Logto (identity), cameleer-saas (control plane), cameleer3-server (observability), ClickHouse (traces). ForwardAuth middleware for tenant-aware routing to cameleer3-server. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-04 15:09:49 +02:00

Author

SHA1

Message

Date

hsiegeln

1b2c962261

fix: root → /platform/ redirect via Traefik file config

CI / build (push) Successful in 40s

Details

CI / docker (push) Successful in 5s

Details

Docker-compose label escaping mangles regex patterns. Use a separate
Traefik dynamic config file instead — clean regex, proper 302 redirect.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-04-05 23:30:38 +02:00

hsiegeln

e167d5475e

feat: production-ready TLS with self-signed cert init container

CI / build (push) Successful in 39s

Details

CI / docker (push) Successful in 40s

Details

Standard OIDC architecture: subdomain routing (auth.HOST, server.HOST),
TLS via Traefik, self-signed cert auto-generated on first boot.

- Add traefik-certs init container (generates wildcard self-signed cert)
- Enable TLS on all Traefik routers (websecure entrypoint)
- HTTP→HTTPS redirect in traefik.yml
- Host-based routing for all services (no more path conflicts)
- PUBLIC_PROTOCOL env var (https default, configurable)
- Protocol-aware redirect URIs in bootstrap
- Protocol-aware UI fallbacks

Customer bootstrap: set PUBLIC_HOST + DNS records + docker compose up.
For production TLS, configure Traefik ACME (Let's Encrypt).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-04-05 18:14:25 +02:00

hsiegeln

ab9ad1ab7f

feat: add Docker Compose production stack with Traefik + Logto

7-service stack: Traefik (reverse proxy), PostgreSQL (shared),
Logto (identity), cameleer-saas (control plane), cameleer3-server
(observability), ClickHouse (traces). ForwardAuth middleware for
tenant-aware routing to cameleer3-server.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-04-04 15:09:49 +02:00

3 Commits