From e464c9544a7a2f4fbc716ddfb3318a90c849a776 Mon Sep 17 00:00:00 2001 From: Eduardo Lopes <155753879+eduardolopesx03@users.noreply.github.com> Date: Tue, 10 Feb 2026 12:23:27 -0300 Subject: [PATCH] Add domain-based HTTPS deployment with Caddy --- .env.example | 4 ++- Caddyfile | 5 +++ DEPLOYMENT.md | 46 +++++++++++++++++++++++++++ docker-compose.domain.yml | 65 +++++++++++++++++++++++++++++++++++++++ 4 files changed, 119 insertions(+), 1 deletion(-) create mode 100644 Caddyfile create mode 100644 docker-compose.domain.yml diff --git a/.env.example b/.env.example index 1999202..f1d6686 100644 --- a/.env.example +++ b/.env.example @@ -1,5 +1,7 @@ ASPNETCORE_ENVIRONMENT=Production APP_USE_HTTPS_REDIRECTION=false +DOMAIN=linegestao.inglinesystems.com.br +ACME_EMAIL=seu-email@dominio.com JWT_KEY=troque-por-uma-chave-bem-forte JWT_ISSUER=LineGestao @@ -14,4 +16,4 @@ SEED_ADMIN_PASSWORD=troque-por-uma-senha-forte SEED_ADMIN_NAME=Administrador SEED_DEFAULT_TENANT_NAME=Default -FRONTEND_PUBLIC_URL=http://localhost:4200 +FRONTEND_PUBLIC_URL=https://linegestao.inglinesystems.com.br diff --git a/Caddyfile b/Caddyfile new file mode 100644 index 0000000..28c6635 --- /dev/null +++ b/Caddyfile @@ -0,0 +1,5 @@ +{$DOMAIN} { + encode zstd gzip + + reverse_proxy api:8080 +} diff --git a/DEPLOYMENT.md b/DEPLOYMENT.md index 4c6f5a5..df6bf9b 100644 --- a/DEPLOYMENT.md +++ b/DEPLOYMENT.md 
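Review bot: The new Caddyfile never consumes the ACME contact address, because it has only the `{$DOMAIN}` site block and no global options block. The compose file in this patch passes the address as `EMAIL` together with `ACME_AGREE`; as far as I know these are Caddy v1 image conventions that Caddy 2 does not read, so with `caddy:2-alpine` the ACME account would be registered without a contact. Consider a global block `{ email {$ACME_EMAIL} }` above the site block, with `ACME_EMAIL` passed through (and required) in the compose `environment`. Separately, the site block sets no `Strict-Transport-Security` header; unless the API behind `reverse_proxy api:8080` already sends one, `header Strict-Transport-Security "max-age=31536000"` in the site block would cover it.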
@@ -74,6 +74,52 @@ FRONTEND_PUBLIC_URL=https://seu-dominio.com ## 4) Subir a stack com Docker Compose +### Alternativa principal (com domínio + HTTPS automático via Caddy) + +Agora que o domínio está apontando para o servidor, use `docker-compose.domain.yml` para publicar em **HTTPS** com certificado automático (Let's Encrypt). + +1. Ajuste o `.env` na pasta da API: + +```env +DOMAIN=linegestao.inglinesystems.com.br +ACME_EMAIL=seu-email@dominio.com +FRONTEND_PUBLIC_URL=https://linegestao.inglinesystems.com.br +APP_USE_HTTPS_REDIRECTION=false +``` + +2. Libere portas públicas no firewall (uma vez): + +```bash +sudo ufw allow 80/tcp +sudo ufw allow 443/tcp +``` + +3. Suba stack com Caddy: + +```bash +cd ~/apps/line-gestao-api +docker compose -f docker-compose.domain.yml up -d --build +``` + +4. Valide certificado e API em HTTPS: + +```bash +curl -Iv https://linegestao.inglinesystems.com.br/health +``` + +Resultado esperado: +- status `HTTP/2 200` +- certificado emitido para `linegestao.inglinesystems.com.br` + +> Importante: no primeiro boot o Caddy pode levar alguns segundos para obter o certificado. Se falhar, confira se DNS já propagou e se as portas 80/443 estão acessíveis. + +Comandos úteis de diagnóstico: + +```bash +docker compose -f docker-compose.domain.yml logs -f caddy +docker compose -f docker-compose.domain.yml logs -f api +``` + ### Alternativa A (provisória e mais rápida): sem Caddy, expondo API direto Se você ainda não tem acesso ao DNS/domínio no Wix, use o arquivo `docker-compose.prod.yml` deste repositório para publicar só a API (porta `8080`) e o banco. diff --git a/docker-compose.domain.yml b/docker-compose.domain.yml new file mode 100644 index 0000000..25583bd --- /dev/null +++ b/docker-compose.domain.yml 
@@ -0,0 +1,65 @@
+services:
+ api:
+ build:
+ context: .
+ dockerfile: Dockerfile
+ container_name: linegestao-api
+ restart: unless-stopped
+ env_file:
+ - .env
+ environment:
+ ASPNETCORE_ENVIRONMENT: ${ASPNETCORE_ENVIRONMENT:-Production}
+ ASPNETCORE_URLS: http://+:8080
+ App__UseHttpsRedirection: ${APP_USE_HTTPS_REDIRECTION:-false}
+ ConnectionStrings__Default: Host=db;Port=5432;Database=${POSTGRES_DB:-linegestao};Username=${POSTGRES_USER:-linegestao_app};Password=${POSTGRES_PASSWORD:-CHANGE_ME}
+ Jwt__Issuer: ${JWT_ISSUER:-LineGestao}
+ Jwt__Audience: ${JWT_AUDIENCE:-LineGestao}
+ Jwt__Key: ${JWT_KEY:?JWT_KEY is required}
+ Seed__AdminEmail: ${SEED_ADMIN_EMAIL:-admin@linegestao.local}
+ Seed__AdminPassword: ${SEED_ADMIN_PASSWORD:-CHANGE_ME}
+ Seed__AdminName: ${SEED_ADMIN_NAME:-Administrador}
+ Seed__DefaultTenantName: ${SEED_DEFAULT_TENANT_NAME:-Default}
+ Cors__AllowedOrigins__0: ${FRONTEND_PUBLIC_URL:-https://linegestao.inglinesystems.com.br}
+ depends_on:
+ db:
+ condition: service_healthy
+
+ db:
+ image: postgres:16-alpine
+ container_name: linegestao-db
+ restart: unless-stopped
+ environment:
+ POSTGRES_DB: ${POSTGRES_DB:-linegestao}
+ POSTGRES_USER: ${POSTGRES_USER:-linegestao_app}
+ POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-CHANGE_ME}
+ volumes:
+ - postgres_data:/var/lib/postgresql/data
+ healthcheck:
+ test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-linegestao_app} -d ${POSTGRES_DB:-linegestao}"]
+ interval: 10s
+ timeout: 5s
+ retries: 10
+
+ caddy:
+ image: caddy:2-alpine
+ container_name: linegestao-caddy
+ restart: unless-stopped
+ depends_on:
+ api:
+ condition: service_started
+ environment:
+ DOMAIN: ${DOMAIN:?DOMAIN is required}
+ ACME_AGREE: "true"
+ EMAIL: ${ACME_EMAIL:-}
+ ports:
+ - "80:80"
+ - "443:443"
+ volumes:
+ - ./Caddyfile:/etc/caddy/Caddyfile:ro
+ - caddy_data:/data
+ - caddy_config:/config
+
+volumes:
+ postgres_data:
+ caddy_data:
+ caddy_config:
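Review bot: `SEED_ADMIN_PASSWORD` and `POSTGRES_PASSWORD` fall back to the literal `CHANGE_ME` when unset, in the `api` and `db` environment blocks, so a missing or misspelled entry in `.env` brings the stack up without error on public ports 80/443 with a well-known password (presumably for the seeded admin account; the seeding code is not visible here). `JWT_KEY` already uses the fail-fast form and these should match it: `Seed__AdminPassword: ${SEED_ADMIN_PASSWORD:?SEED_ADMIN_PASSWORD is required}` and `POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?POSTGRES_PASSWORD is required}`, with the `Password=` segment of `ConnectionStrings__Default` changed the same way. A short comment above the `environment:` key noting that secrets have no defaults by design would stop the fallback from being reintroduced.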