Skip to content

[P1.20] Terminate TLS in front of the services (they bind 0.0.0.0 over plaintext HTTP/ws) #747

Description

@frankbria

Severity: medium | Category: infra | Phase: P1.20

Problem

Frontend next start -H 0.0.0.0 and backend default host=0.0.0.0 with plaintext http:///ws:// URLs; remote-setup.sh installs no nginx/TLS/reverse proxy. On the shared VPS, JWT bearer tokens and API keys travel in cleartext on all interfaces.

Evidence

ecosystem.staging.config.js:34, codeframe/ui/server.py:783, .env.staging.example:23

Acceptance criteria

  • A TLS-terminating reverse proxy (nginx/caddy) fronts the services; app processes bind 127.0.0.1.
  • Provisioning sets up the proxy; documented origins are https:///wss://.

Dependencies

None


Filed from the SaaS launch-readiness audit. Atomic: one developer, one session. Work order: strictly P0.1 → P3.12 (no forward dependencies).

Metadata

Metadata

Assignees

No one assigned

    Labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions