Feature/https domain support

[somethingwentwell]

Summary

This pull request introduces automated HTTPS support for production deployments, including Let's Encrypt certificate management, HTTP-to-HTTPS redirection, and environment-based configuration for public URLs. The changes affect both the backend and frontend, making it easy to deploy the app securely with minimal manual setup. The most important changes are grouped below.

HTTPS and Domain Configuration:

• Added support for specifying a public domain via the DOMAIN environment variable and enabling HTTPS redirection and certificate management via ENABLE_SSL and LETSENCRYPT_EMAIL in .env.example. (.env.example, .env.exampleR8-R15)
• Updated backend configuration to include the DOMAIN setting and a public_base_url property that constructs the public base URL from environment variables or falls back to the domain. (backend/app/config.py, [1] [2]
• Modified logic for constructing public webhook URLs to prioritize settings and environment variables, including the new domain-based URL. (backend/app/api/feishu.py, backend/app/api/feishu.pyR130-R141)

Backend HTTPS Redirection:

• Added HTTPSRedirectMiddleware to the backend, which automatically redirects HTTP requests to HTTPS when DOMAIN is set, using the X-Forwarded-Proto header for proxy awareness. (backend/app/main.py, [1] [2] [3]

Frontend HTTPS and Certificate Management:

• Introduced a production-ready frontend setup that supports HTTPS:
  • Added a startup script (entrypoint-nginx.sh) that generates a self-signed certificate if needed, uses a template for SSL-enabled Nginx configuration, and reloads Nginx when certificates are renewed. (frontend/entrypoint-nginx.sh, frontend/entrypoint-nginx.shR1-R36)
  • Added an Nginx SSL config template (nginx.ssl.conf.template) for dynamic domain substitution and correct proxying of API and websocket requests. (frontend/nginx.ssl.conf.template, frontend/nginx.ssl.conf.templateR1-R56)
  • Modified the frontend Dockerfile to install OpenSSL, copy the new scripts and templates, and expose port 443. (frontend/Dockerfile, frontend/DockerfileR9-R16)

Let's Encrypt Automation:

• Added a Certbot entrypoint script to obtain and renew certificates, signaling Nginx to reload after renewal. (certbot-entrypoint.sh, certbot-entrypoint.shR1-R42)
• Updated docker-compose.yml to add a certbot service, connect it to the frontend via shared volumes for certificates, and set up necessary environment variables and ports for HTTPS. (docker-compose.yml, docker-compose.ymlR65-R96)

Build Robustness:

• Improved frontend build versioning logic to gracefully handle missing VERSION files in Docker builds, avoiding build failures. (frontend/vite.config.ts, frontend/vite.config.tsL6-R12)

Checklist

• Tested locally
• No unrelated changes included

[wisdomqin]

@yaojin3616

[Copilot]

Pull request overview

Adds automated production HTTPS support (Nginx TLS + Certbot) and introduces domain-based public URL configuration used by the backend (redirect + webhook URL generation).

Changes:

• Introduces Nginx SSL runtime templating + startup logic, plus a Certbot container for issuance/renewal.
• Adds backend DOMAIN setting, HTTPS redirect middleware, and public_base_url for constructing external callback URLs.
• Makes frontend build versioning more robust when VERSION is missing in some container build contexts.

Reviewed changes

Copilot reviewed 10 out of 10 changed files in this pull request and generated 6 comments.

Show a summary per file

File	Description
frontend/vite.config.ts	Falls back to a default version if ../VERSION isn’t available during builds.
frontend/nginx.ssl.conf.template	New SSL-enabled Nginx config template (80→443 redirect + ACME webroot + proxying).
frontend/entrypoint-nginx.sh	New entrypoint to select SSL vs HTTP config, create temporary certs, and reload on renewal.
frontend/Dockerfile	Installs OpenSSL and switches to custom entrypoint; exposes 80/443.
docker-compose.yml	Adds certbot service + shared volumes; publishes 443; passes DOMAIN/ENABLE_SSL to frontend.
certbot-entrypoint.sh	New certbot issuance + renewal loop with nginx reload signaling.
backend/app/main.py	Adds HTTPS redirect middleware based on DOMAIN and proxy headers.
backend/app/config.py	Adds DOMAIN and public_base_url helper property.
backend/app/api/feishu.py	Updates webhook URL construction priority to use config/env before request base URL.
.env.example	Documents new domain + SSL-related environment variables.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.