"feat: Integrate Caddy as reverse proxy for frontend"

backend/app/config/settings.py

@@ -34,8 +34,8 @@ SESSION_LIFETIME = timedelta(days=7)
 
 # SSL-Konfiguration
 SSL_ENABLED = True
-SSL_CERT_PATH = "/opt/myp/ssl/myp.crt"
+SSL_CERT_PATH = "instance/ssl/myp.crt"
-SSL_KEY_PATH = "/opt/myp/ssl/myp.key"
+SSL_KEY_PATH = "instance/ssl/myp.key"
 SSL_HOSTNAME = "raspberrypi"
 
 # Scheduler-Konfiguration

docker-compose.yml

@@ -16,7 +16,6 @@ services:
       - ./backend:/app
       - ./backend/logs:/app/logs
       - ./backend/instance:/app/instance
-      - backend_ssl:/opt/myp/ssl
     networks:
       - myp-network
     environment:
@@ -70,6 +69,7 @@ services:
       - ./frontend/docker/caddy/Caddyfile:/etc/caddy/Caddyfile
       - caddy_data:/data
       - caddy_config:/config
+      - ./backend/instance/ssl:/etc/caddy/ssl
     networks:
       - myp-network
     extra_hosts:

frontend/docker/caddy/Caddyfile

@@ -6,7 +6,7 @@
 # Produktionsumgebung - Spezifischer Hostname für Mercedes-Benz Werk 040 Berlin
 m040tbaraspi001.de040.corpintra.net {
     # TLS mit selbstsignierten Zertifikaten für die Produktionsumgebung
-    tls internal {
+    tls /etc/caddy/ssl/frontend.crt /etc/caddy/ssl/frontend.key {
         protocols tls1.2 tls1.3
     }
 
@@ -85,7 +85,7 @@ localhost, 127.0.0.1 {
     }
 
     # TLS für lokale Entwicklung
-    tls internal
+    tls /etc/caddy/ssl/frontend.crt /etc/caddy/ssl/frontend.key
 
     # OAuth Callbacks für Entwicklung
     @oauth path /auth/login/callback*