[Fix]: AutoSSL issues , removed temporary and docker setup works with http only

Author: moonshadowrev

.env.example

@@ -11,11 +11,11 @@ APP_ENV=production
 # Debug mode: enable only for development
 APP_DEBUG=false
 
-# Application URL (with protocol)
-APP_URL=https://your-domain.com
+# Application URL
+APP_URL=http://localhost
 
-# Application domain (without protocol)
-APP_DOMAIN=your-domain.com
+# Application domain
+APP_DOMAIN=localhost
 
 # Timezone (see: https://www.php.net/manual/en/timezones.php)
 APP_TIMEZONE=UTC
@@ -35,10 +35,15 @@ DB_PORT=3306
 # Security Configuration
 # ==============================================================================
 
-# Session settings
+# Session settings (HTTP only)
 SESSION_LIFETIME=0
-SESSION_SECURE=true
-SESSION_SAMESITE=Strict
+SESSION_SECURE=false
+SESSION_SAMESITE=Lax
+
+# NOTE: ENABLE THIS IF YOU ARE USING HTTPS
+# SESSION_SECURE=true
+# SESSION_SAMESITE=Strict
+
 
 # Session encryption key (generate a random 32-character string)
 SESSION_KEY=CHANGE_THIS_32_CHARACTER_SESSION_KEY
@@ -77,15 +82,14 @@ LOG_MAX_FILES=10
 # Docker Configuration
 # ==============================================================================
 
-# Default admin user credentials (Docker version)
-ADMIN_EMAIL=admin@your-domain.com
-ADMIN_PASSWORD=CHANGE_THIS_ADMIN_PASSWORD
+# Default admin user credentials
+ADMIN_EMAIL=admin@example.com
+ADMIN_PASSWORD=123456789
 # Docker Compose project name
 COMPOSE_PROJECT_NAME=accounting_panel
 
-# Port configuration for Docker services
+# Port configuration for Docker services (HTTP only)
 HTTP_PORT=80
-HTTPS_PORT=443
 PHPMYADMIN_PORT=8080
 DB_PORT_EXPOSE=3306
 # Database root password (for administration in docker)

Dockerfile

@@ -93,16 +93,15 @@ RUN composer dump-autoload --optimize --no-dev
 RUN echo '#!/bin/bash' > /usr/local/bin/start-app.sh \
     && echo 'set -e' >> /usr/local/bin/start-app.sh \
     && echo '' >> /usr/local/bin/start-app.sh \
-    && echo '# Wait for database' >> /usr/local/bin/start-app.sh \
-    && echo 'echo "Waiting for database connection..."' >> /usr/local/bin/start-app.sh \
-    && echo 'until mariadb -h"$DB_HOST" -u"$DB_USER" -p"$DB_PASS" "$DB_NAME" --skip-ssl -e "SELECT 1;" >/dev/null 2>&1; do' >> /usr/local/bin/start-app.sh \
-    && echo '  echo "Database not ready. Trying: mariadb -h$DB_HOST -u$DB_USER -p[HIDDEN] $DB_NAME --skip-ssl"' >> /usr/local/bin/start-app.sh \
-    && echo '  mariadb -h"$DB_HOST" -u"$DB_USER" -p"$DB_PASS" "$DB_NAME" --skip-ssl -e "SELECT 1;" 2>&1 | head -3' >> /usr/local/bin/start-app.sh \
-    && echo '  echo "^ If you see access denied error, run: docker compose down -v && docker compose up -d"' >> /usr/local/bin/start-app.sh \
-    && echo '  echo "Waiting 2 seconds..."' >> /usr/local/bin/start-app.sh \
-    && echo '  sleep 2' >> /usr/local/bin/start-app.sh \
-    && echo 'done' >> /usr/local/bin/start-app.sh \
-    && echo 'echo "Database connected successfully!"' >> /usr/local/bin/start-app.sh \
+    && echo '# Setup database user (MariaDB healthcheck ensures DB is fully ready)' >> /usr/local/bin/start-app.sh \
+    && echo 'echo "Setting up application database user..."' >> /usr/local/bin/start-app.sh \
+    && echo '# Create application user if needed (database already exists from healthcheck)' >> /usr/local/bin/start-app.sh \
+    && echo 'mariadb -h"$DB_HOST" -uroot -p"$DB_ROOT_PASSWORD" --skip-ssl << EOF' >> /usr/local/bin/start-app.sh \
+    && echo 'CREATE USER IF NOT EXISTS '\''$DB_USER'\''@'\''%'\'' IDENTIFIED BY '\''$DB_PASS'\'';' >> /usr/local/bin/start-app.sh \
+    && echo 'GRANT ALL PRIVILEGES ON \`$DB_NAME\`.* TO '\''$DB_USER'\''@'\''%'\'';' >> /usr/local/bin/start-app.sh \
+    && echo 'FLUSH PRIVILEGES;' >> /usr/local/bin/start-app.sh \
+    && echo 'EOF' >> /usr/local/bin/start-app.sh \
+    && echo 'echo "✓ Application user configured"' >> /usr/local/bin/start-app.sh \
     && echo '' >> /usr/local/bin/start-app.sh \
     && echo '# Ensure proper permissions on critical directories' >> /usr/local/bin/start-app.sh \
     && echo 'echo "Fixing permissions..."' >> /usr/local/bin/start-app.sh \

docker-compose.yml

@@ -22,11 +22,13 @@ services:
     ports:
       - "${DB_PORT_EXPOSE:-3306}:3306"
     healthcheck:
-      test: ["CMD", "healthcheck.sh", "--connect", "--innodb_initialized"]
+      # Simple but reliable check: wait for MariaDB to accept connections
+      # Database and user creation happens automatically during container initialization
+      test: ["CMD-SHELL", "mariadb -u root -p$$MYSQL_ROOT_PASSWORD --skip-ssl -e 'SELECT 1;' >/dev/null 2>&1"]
       start_period: 30s
       interval: 10s
       timeout: 10s
-      retries: 5
+      retries: 10
     command: --character-set-server=utf8mb4 --collation-server=utf8mb4_general_ci --bind-address=0.0.0.0
 
   # PHP-FPM Application
@@ -82,11 +84,12 @@ services:
     networks:
       - accounting_network
     healthcheck:
-      test: ["CMD-SHELL", "pidof php-fpm > /dev/null || exit 1"]
+      # Verify both PHP-FPM and database connectivity with application user
+      test: ["CMD-SHELL", "pidof php-fpm > /dev/null && mariadb -h$$DB_HOST -u$$DB_USER -p$$DB_PASS $$DB_NAME --skip-ssl -e 'SELECT 1;' >/dev/null 2>&1"]
       interval: 30s
-      timeout: 10s
+      timeout: 15s
       retries: 3
-      start_period: 60s
+      start_period: 90s
 
   # Caddy Web Server
   caddy:
@@ -98,12 +101,10 @@ services:
         condition: service_healthy
     ports:
       - "${HTTP_PORT:-80}:80"
-      - "${HTTPS_PORT:-443}:443"
     env_file:
       - .env
     volumes:
       - ./docker/caddy/Caddyfile:/etc/caddy/Caddyfile:ro
-      - ./docker/caddy/ssl:/etc/caddy/ssl:ro
       - ./public:/var/www/html/public:ro
       - caddy_data:/data
       - caddy_config:/config

docker/caddy/Caddyfile

@@ -1,46 +1,16 @@
-# Caddy Configuration for PersonalAccounter
-# This is the default configuration for development/manual setup
-# The setup.sh script will replace this with domain-specific configuration
-
 {
     admin off
-    local_certs
+    # No SSL - HTTP only for simplicity
 }
 
-# HTTP server - works on both ports 80 and 8080
+# HTTP server - localhost only, no SSL complexity
 :80, :8080 {
     root * /var/www/html/public
 
-    # Security headers
-    header {
-        X-Content-Type-Options nosniff
-        X-Frame-Options DENY
-        -Server
-    }
-    
-    # Enable file server
-    file_server
-    
-    # Enable gzip compression
-    encode gzip
-    
-    # PHP handling
-    php_fastcgi app:9000
-}
-
-# HTTPS server - default port 443 and 8443 with self-signed certificate
-:443, :8443 {
-    root * /var/www/html/public
-    
-    # Self-signed TLS certificate for development/testing
-    # Note: setup.sh will configure proper Let's Encrypt or domain-specific SSL
-    tls internal
-    
-    # Security headers
+    # Security headers (HTTP only)
     header {
         X-Content-Type-Options nosniff
         X-Frame-Options DENY
-        Strict-Transport-Security "max-age=31536000; includeSubDomains"
         -Server
     }