From f395e5ac6fc873ad4d18ac7652c818db1bd09a32 Mon Sep 17 00:00:00 2001
From: Christos Choutouridis
Date: Mon, 12 Jan 2026 12:06:43 +0200
Subject: [PATCH] Switch to https using Caddy proxy.
---
passman-dev/Caddyfile | 19 +++++++++++++++++++
passman-dev/docker-compose.yml | 18 ++++++++++++++++--
passman-dev/php/passman/index.html | 16 ++++++++--------
3 files changed, 43 insertions(+), 10 deletions(-)
create mode 100644 passman-dev/Caddyfile
diff --git a/passman-dev/Caddyfile b/passman-dev/Caddyfile
new file mode 100644
index 0000000..acccbd7
--- /dev/null
+++ b/passman-dev/Caddyfile
@@ -0,0 +1,19 @@
+# HTTP site: redirect everything to HTTPS
+http://localhost {
+ redir https://{host}{uri} permanent
+}
+
+# HTTPS site
+https://localhost {
+ reverse_proxy web:80
+ tls internal
+
+ # Optional: security headers (defense-in-depth)
+ header {
+ X-Content-Type-Options "nosniff"
+ X-Frame-Options "DENY"
+ Referrer-Policy "no-referrer"
+ }
+}
+
+
diff --git a/passman-dev/docker-compose.yml b/passman-dev/docker-compose.yml
index 440f18b..978b559 100644
--- a/passman-dev/docker-compose.yml
+++ b/passman-dev/docker-compose.yml
@@ -2,8 +2,8 @@ services: web: build: . - ports: - - "80:80" + # ports: + # - "80:80" volumes: - ./php:/var/www/html environment:
@@ -14,6 +14,18 @@ services: depends_on: - db + proxy: + image: caddy:2 + ports: + - "80:80" + - "443:443" + volumes: + - ./Caddyfile:/etc/caddy/Caddyfile:ro + - caddy_data:/data + - caddy_config:/config + depends_on: + - web + db: image: mariadb:11 container_name: passman_db
@@ -30,4 +42,6 @@ services: volumes: dbdata: + caddy_data: + caddy_config:
diff --git a/passman-dev/php/passman/index.html b/passman-dev/php/passman/index.html
index af9a7e3..e374e71 100644
--- a/passman-dev/php/passman/index.html
+++ b/passman-dev/php/passman/index.html
@@ -15,23 +15,23 @@
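Review bot: In the `http://localhost` site of passman-dev/Caddyfile, `redir https://{host}{uri} permanent` issues a 301 that browsers cache for the host, so on a developer machine anything later served on plain http://localhost keeps being redirected until that cache is cleared; for a dev stack `redir https://{host}{uri} temporary` is the safer choice. The `header` block in the HTTPS site sets its fields before the upstream response is copied in, so if the PHP container ever emits its own `X-Frame-Options` or `Referrer-Policy` the client may receive both values; adding a `defer` line inside the block would make the proxy's values apply at write time (worth confirming against the app's real responses). `tls internal` also deserves a comment, for example `# Caddy local CA: import the root certificate from the caddy_data volume rather than clicking through the browser warning`.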
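Review bot: The new `proxy` service in passman-dev/docker-compose.yml publishes `- "80:80"` and `- "443:443"` on every host interface, while index.html describes this stack as an XSS cookie-stealing exercise; the `localhost` site names in the Caddyfile select a site by host name and are not an access control, so the lab is reachable from the local network. Binding the published ports to loopback keeps it on the developer's machine: `- "127.0.0.1:80:80"` and `- "127.0.0.1:443:443"`. `image: caddy:2` is a floating tag, so pinning it to a specific release or digest (`caddy:<PINNED_VERSION>`) would make rebuilds reproducible. In the first hunk the commented-out `# ports:` lines under `web` could be deleted and replaced by a single comment such as `# not published: reached only through the proxy service`.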
@@ -41,18 +41,18 @@

        Hacker's side (for using stealing cookies using XSS): - http://localhost/passman/xss + passman/xss