- Backend: 4 new endpoints in SettingsController (GET/POST/DELETE /settings/ssl, POST /settings/ssl/check-dns)
- Certificate validation via Node.js crypto.X509Certificate (PEM format, expiry, SAN match)
- DNS resolution check via dns.promises.resolve4
- Auto-generates Traefik dynamic config (ssl-domain.yml) with custom domain routing + HTTP->HTTPS redirect
- Frontend: AdminSslPage with DNS name input, cert/key upload, status display
- Docker: Core-service gets access to traefik-certs volume and dynamic config directory
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Backend-driven Authorization Code Flow with @azure/msal-node:
- EntraIdService: MSAL ConfidentialClientApplication, auth URL generation, token exchange
- SsoController: /auth/sso/microsoft (initiate) + /auth/sso/microsoft/callback (callback)
- AuthService.loginViaSso(): User provisioning (find by OID, auto-link by email, or create new)
- CSRF protection via state parameter stored in Redis
- SSO status endpoint for frontend feature detection
Frontend:
- "Mit Microsoft anmelden" button on login page (shown only when SSO is configured)
- SsoCallbackPage: handles redirect from backend, sets token, loads user profile
- AuthContext.loginWithToken(): new method for SSO token handling
Configuration:
- AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, AZURE_REDIRECT_URI env vars
- docker-compose.yml updated to pass Azure vars to core service
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The `traefik healthcheck` CLI command doesn't reliably detect the
ping configuration. Using wget against the /ping endpoint instead.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The `traefik healthcheck` command requires `--ping=true` to be set.
Without it, the healthcheck always fails even though Traefik works fine.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The edoburu/pgbouncer image listens on port 5432 internally,
not 6432. Updated healthcheck and DATABASE_URL accordingly.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
