v0.9.88 major change sqlite to postgres

2026-03-20 10:46:29 -04:00
parent 7dc4cfcbce
commit ac7cba0f92
31 changed files with 3729 additions and 2645 deletions
--- a/Caddyfile.example
+++ b/Caddyfile.example
@@ -0,0 +1,86 @@
+# Caddyfile.example — JAMA-HOST reverse proxy
+#
+# Caddy handles SSL automatically via Let's Encrypt.
+# Wildcard certs require a DNS challenge provider.
+#
+# Prerequisites:
+#   1. Install the Caddy DNS plugin for your provider:
+#      https://caddyserver.com/docs/automatic-https#dns-challenge
+#      Common providers: cloudflare, route53, digitalocean
+#
+#   2. Set your DNS API token as an environment variable:
+#      CF_API_TOKEN=your_cloudflare_token  (or equivalent)
+#
+#   3. Add a wildcard DNS record in your DNS provider:
+#      *.jamachat.com → your server IP
+#      jamachat.com   → your server IP
+#
+# Usage:
+#   Copy this file to /etc/caddy/Caddyfile (or wherever Caddy reads it)
+#   Reload: caddy reload
+
+# ── Wildcard subdomain ────────────────────────────────────────────────────────
+# Handles team1.jamachat.com, teamB.jamachat.com, etc.
+# Replace jamachat.com with your actual HOST_DOMAIN.
+
+*.jamachat.com {
+    tls {
+        dns cloudflare {env.CF_API_TOKEN}
+    }
+
+    # Forward all requests to the jama app container
+    reverse_proxy localhost:3000
+
+    # Security headers
+    header {
+        Strict-Transport-Security "max-age=31536000; includeSubDomains"
+        X-Content-Type-Options nosniff
+        X-Frame-Options DENY
+        Referrer-Policy strict-origin-when-cross-origin
+        -Server
+    }
+
+    # Logs (optional)
+    log {
+        output file /var/log/caddy/jama-access.log
+        format json
+    }
+}
+
+# ── Base domain (host admin panel) ───────────────────────────────────────────
+jamachat.com {
+    reverse_proxy localhost:3000
+    header {
+        Strict-Transport-Security "max-age=31536000; includeSubDomains"
+        X-Content-Type-Options nosniff
+        -Server
+    }
+}
+
+# ── Custom tenant domains ─────────────────────────────────────────────────────
+# When a tenant sets up a custom domain (e.g. chat.theircompany.com):
+#
+# 1. They add a DNS CNAME: chat.theircompany.com → jamachat.com
+#
+# 2. You add a block here and reload Caddy.
+#    Caddy will automatically obtain and renew the SSL cert.
+#
+# Example:
+#
+# chat.theircompany.com {
+#     reverse_proxy localhost:3000
+# }
+#
+# Alternatively, use Caddy's on-demand TLS to handle custom domains
+# automatically without editing this file:
+#
+# (on_demand_tls) {
+#     on_demand {
+#         ask http://localhost:3000/api/host/verify-domain
+#     }
+# }
+#
+# *.jamachat.com, jamachat.com {
+#     tls { on_demand }
+#     reverse_proxy localhost:3000
+# }