feat(6): add Caddy reverse proxy with SSL to standalone deployment

Complete feature parity with Docker deployment:
  - Caddy reverse proxy manages SSL/TLS
  - Ports: 8916/8917 (HTTP), 8918/8919 (HTTPS)
  - Self-signed certificates (development-friendly)
  - Automatic certificate generation via on-demand TLS
  - Security headers (HSTS, XSS Protection, etc.)

Changes:
  - Created Caddyfile.standalone for localhost config
  - Enhanced start_servers.py with Caddy startup/monitoring
  - Auto-install Caddy via apt if not present
  - Updated status output to show both HTTP and HTTPS URLs
  - All three services (backend, frontend, caddy) in one launcher

Both Docker and Standalone modes now have IDENTICAL capabilities:
  - Full production-ready SSL/TLS support
  - Reverse proxy with auto-certificate management
  - HTTPS-only capable

Resolves dual-deployment equivalence requirement
This commit is contained in:
2026-04-22 19:16:26 +03:00
parent dee8941f15
commit 6fa146fae2
2 changed files with 215 additions and 112 deletions

40
Caddyfile.standalone Normal file
View File

@@ -0,0 +1,40 @@
# TFM aInventory - Standalone Caddy Configuration
# Self-signed SSL/TLS reverse proxy for localhost deployment
{
admin off
local_certs
skip_install_trust
on_demand_tls {
ask http://localhost:8916/
}
}
# HTTPS Frontend (port 8919 -> 443)
https://localhost:8919 {
tls internal {
on_demand
}
reverse_proxy localhost:8917
header {
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
X-XSS-Protection "1; mode=block"
X-Content-Type-Options "nosniff"
X-Frame-Options "SAMEORIGIN"
Referrer-Policy "strict-origin-when-cross-origin"
}
}
# HTTPS Backend (port 8918 -> 444)
https://localhost:8918 {
tls internal {
on_demand
}
reverse_proxy localhost:8916
header {
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
}
}
}