Fosniedocsv0.1

Upgrades & TLS

Upgrade Fosnie safely, and serve it over HTTPS.

Upgrades

Docker Compose:

docker compose pull && docker compose up -d

Pin APP_VERSION in .env for reproducible upgrades (latest tracks the newest release). Database migrations are forward-only and run inside the backend on boot – there's no separate migrate step.

Bare-metal / air-gapped: ship the new signed bundle, run verify-release.sh, swap the binary, frontend/dist, and migrations, then systemctl restart. Updates are delivered as files, not pulled from a registry.

Back up first – always take a backup before upgrading.

TLS / reverse proxy

Put a reverse proxy (nginx, Caddy, or Traefik) in front of Fosnie, terminate TLS there, and set PUBLIC_URL to the resulting https:// URL.

A non-loopback PUBLIC_URL must be https – the backend refuses to boot otherwise. This protects session cookies and enforces HSTS/CSP.

For a direct-IP host without a domain, a self-signed certificate is acceptable for internal use; for anything public, use a proper certificate from your proxy's ACME integration. Keep the backend and any model-engine ports bound to localhost or the internal network, so only the proxy is reachable from outside. Managed TLS is on the roadmap; the reverse-proxy recipe is the supported path today.

Was this page helpful?

On this page