From be35f5670c17262ce0bbcba4cb7c1c3020f439a7 Mon Sep 17 00:00:00 2001 From: Gil Desmarais Date: Wed, 8 Oct 2025 18:13:48 +0300 Subject: [PATCH] Update HTTPS guidance to highlight Caddy and Traefik --- .../web-application/how-to/deployment.mdx | 29 +++++++++++-------- 1 file changed, 17 insertions(+), 12 deletions(-) diff --git a/src/content/docs/web-application/how-to/deployment.mdx b/src/content/docs/web-application/how-to/deployment.mdx index 0e2c71b..f116d26 100644 --- a/src/content/docs/web-application/how-to/deployment.mdx +++ b/src/content/docs/web-application/how-to/deployment.mdx @@ -52,18 +52,23 @@ When hosting a **public instance** that others will use, please follow these ess ### HTTPS -Setting up HTTPS is crucial for any public instance. Follow these steps: - -1. **Obtain SSL certificates** using [Let's Encrypt](https://letsencrypt.org/) with [Certbot](https://certbot.eff.org/) -2. **Configure your reverse proxy** to handle SSL termination -3. **Redirect all HTTP traffic** to HTTPS automatically -4. **Test your setup** using tools like [SSL Labs](https://www.ssllabs.com/ssltest/) - -For detailed implementation guides, see: - -- [Nginx SSL configuration](https://docs.nginx.com/nginx/admin-guide/security-controls/terminating-ssl-http/) -- [Apache SSL setup](https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html) -- [Cloudflare SSL/TLS settings](https://developers.cloudflare.com/ssl/) +For most deployments we recommend **Caddy** as the default reverse proxy. Its +[Automatic HTTPS](https://caddyserver.com/docs/automatic-https) feature handles +certificate issuance, renewal, and HTTP→HTTPS redirects with almost zero +configuration, making it ideal for quickly hardening html2rss-web instances. + +If you need tighter integration with container orchestration, **Traefik** is an +excellent alternative. Follow the official +[Traefik ACME guide](https://doc.traefik.io/traefik/https/acme/) to enable +automatic certificates using Let's Encrypt while keeping dynamic routing and +Docker auto-discovery. + +> **Other options:** Prefer nginx, Cloudflare, or another edge provider? Stick to +> their upstream tutorials such as the +> [nginx TLS termination guide](https://docs.nginx.com/nginx/admin-guide/security-controls/terminating-ssl-http/) +> and [Cloudflare SSL/TLS docs](https://developers.cloudflare.com/ssl/). These +> tools offer robust HTTPS setups when configured per their official +> documentation. ## Quick Docker Setup