SSL / HTTPS Support

docs/advanced/ssl.md

@@ -0,0 +1,31 @@
+If you want to deploy EZAuth you may want to run it via `HTTPS` instead of `HTTP`. This can be easily achieved with EZAuth, by putting certificates in the `config/ssl` directory. The certificates have to be named **`cert.pem` and `key.pem`**. The `cert.pem` file should contain the certificate and the intermediate certificate, while the `key.pem` file should contain the private key.
+
+EZAuth will automatically detect the certificates and run on `HTTPS` instead of `HTTP`. If you want to run EZAuth on `HTTP` again, just remove the certificates from the `config/ssl` directory.
+
+## Self Signing with [MKCert](https://github.com/FiloSottile/mkcert)
+
+If you want to test EZAuth with self-signed certificates, you can use [MKCert](https://github.com/FiloSottile/mkcert).
+
+!!! warning "SSL Certificates"
+    Make sure that the certificates are valid and not self-signed. Browsers will not accept self-signed certificates and will show a warning to the user. Use [Let's Encrypt](https://letsencrypt.org/) or a similar service to get valid certificates.
+
+To generate a self-signed certificate with MKCert, [install MKCert](https://github.com/FiloSottile/mkcert?tab=readme-ov-file#installation) and follow the instructions below.
+
+=== "Debian/Ubuntu"
+    Run the following commands to generate a Certificate with MKCert
+
+    ```bash
+    cd config
+    mkdir -p ssl
+    cd ssl
+    mkcert yourdomain.com localhost 127.0.0.1
+    ```
+
+=== "Windows"
+    Create a new folder in the `config` directory called `ssl`. Open a command prompt and navigate to the `config/ssl` directory. Run the following command to generate a Certificate with MKCert
+
+    ```sh
+    mkcert yourdomain.com localhost 127.0.0.1
+    ```
+
+After running the command, you will see two files in the `config/ssl` directory: `yourdomain.com.pem` and `yourdomain.com-key.pem`. Rename the files to `cert.pem` and `key.pem` respectively. Then restart the EZAuth service to apply the changes.

mkdocs.yml

@@ -15,6 +15,7 @@ nav:
     - Advanced E-Mail Templating: advanced/email_templates.md
     - Further Customization: advanced/further_custom.md
     - OAuth: advanced/oauth.md
+    - SSL / HTTPS: advanced/ssl.md
 theme:
   name: material
   logo: "ezauth_logo.png"
@@ -54,3 +55,6 @@ markdown_extensions:
   - pymdownx.inlinehilite
   - pymdownx.snippets
   - pymdownx.superfences
+  - pymdownx.tabbed:
+      alternate_style: true
+  - pymdownx.tilde

src/Dockerfile

@@ -13,4 +13,8 @@ RUN pip install --no-cache-dir --upgrade -r /src/app/requirements.txt
 
 COPY . /src/app
 
-CMD ["uvicorn", "api.main:app", "--host", "0.0.0.0", "--port", "80", "--log-level", "critical"]
+# Add a startup script
+COPY start.sh /src/app/start.sh
+RUN chmod +x /src/app/start.sh
+
+CMD ["/src/app/start.sh"]

src/start.sh

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+if [ -f "/src/app/config/ssl/key.pem" ] && [ -f "/src/app/config/ssl/cert.pem" ]; then
+    uvicorn api.main:app --host 0.0.0.0 --port 80 --log-level critical --ssl-keyfile /src/app/config/ssl/key.pem --ssl-certfile /src/app/config/ssl/cert.pem
+else
+    uvicorn api.main:app --host 0.0.0.0 --port 80 --log-level critical
+fi

src/tools/conf/EmailConfig.py

@@ -50,7 +50,7 @@ def validate_values(self) -> None:
                     self.sender_email
                 )
             )
-        if "http" in self.smtp_host or "smtp" in self.smtp_host:
+        if self.smtp_host.startswith("http"):
             raise ValueError(
                 "email.smtp_host must not contain `http` or `https` or `smtp` (got {})".format(
                     self.smtp_host

src/tools/conf/testing_config.json

@@ -15,7 +15,7 @@
         "login_usr": "",
         "login_pwd": "",
         "sender_email": "",
-        "smtp_host": "",
+        "smtp_host": "smtp.gmail.com",
         "smtp_port": 465
     },
     "session": {