marcel/familienarchiv
1
0
Fork 0
Code Issues 114 Pull Requests 3 Actions Packages Projects Releases Wiki Activity

feat(infra): production deployment pipeline — Caddy, staging, Gitea Actions (#497) #499

Merged
marcel merged 39 commits from feat/issue-497-prod-deploy into main 2026-05-11 14:29:33 +02:00
Conversation 16 Commits 39 Files Changed 22 +43
2 changed files with 43 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 83f022ff4b - Show all commits

6
backend/src/main/resources/application.yaml
View File

@@ -38,6 +38,12 @@ spring:
starttls:
enable: true
server:
# Behind Caddy/reverse proxy: trust X-Forwarded-{Proto,For,Host} so that
# request.getScheme(), redirect URLs, and Spring Session "Secure" cookies
# reflect the original https client request, not the http hop from Caddy.
forward-headers-strategy: native
management:
health:
mail:

37
backend/src/test/java/org/raddatz/familienarchiv/config/ForwardHeadersConfigurationTest.java Normal file
View File

@@ -0,0 +1,37 @@
package org.raddatz.familienarchiv.config;
import org.junit.jupiter.api.Test;
import org.raddatz.familienarchiv.PostgresContainerConfig;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.context.annotation.Import;
import org.springframework.test.context.ActiveProfiles;
import org.springframework.test.context.bean.override.mockito.MockitoBean;
import software.amazon.awssdk.services.s3.S3Client;
import static org.assertj.core.api.Assertions.assertThat;
@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.NONE)
@ActiveProfiles("test")
@Import(PostgresContainerConfig.class)
class ForwardHeadersConfigurationTest {
@MockitoBean
S3Client s3Client;
@Autowired
@Value("${server.forward-headers-strategy:}")
String forwardHeadersStrategy;
@Test
void forward_headers_strategy_is_native_for_reverse_proxy_deployment() {
// Caddy terminates TLS and forwards X-Forwarded-Proto: https.
// Spring must trust those headers so that AppUser-facing redirect URLs,
// Spring Session cookies (Secure flag), and HttpServletRequest.getScheme()
// reflect the original client-facing scheme rather than the internal http hop.
assertThat(forwardHeadersStrategy)
.as("server.forward-headers-strategy must be 'native' so Jetty honours X-Forwarded-Proto behind Caddy")
.isEqualTo("native");
}
}