feat(app): Add HTTPS/TLS support with certificate and key for secure connections.

[terabytesoftw]

Q	A
Is bugfix	✔️
New feature	❌
Breaks BC	❌

Summary by CodeRabbit

• New Features

  • Added SSL/TLS support for secure HTTPS access.
  • Enabled automatic redirect from HTTP to HTTPS.
  • Introduced a default HTTPS port (8443) while retaining HTTP (8080).

• Documentation

  • Updated feature list to include SSL support (e.g., via mkcert).
  • Added changelog entry noting the new HTTPS capability.

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

Adds HTTPS support via TLS configuration in .rr.yaml (port 8443, cert/key paths, HTTP→HTTPS redirect). Updates CHANGELOG with an enhancement entry and README features with SSL Support. No code or public API changes.

Changes

Cohort / File(s)	Summary
Server TLS config .\rr.yaml	Introduces SSL block under http: sets TLS port 8443, certificate web/ssl/localhost.pem, key web/ssl/localhost-key.pem, and redirect: true from HTTP to HTTPS.
Documentation updates CHANGELOG.md, README.md	CHANGELOG: adds Enh #145 noting SSL support under 0.1.1 (Under development). README: adds “SSL Support (mkcert)” to Features list.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• feat: Add SSL support with configuration updates for Apache, FrankenPHP and Nginx, including certificate files. #108 — Adds similar SSL/TLS configuration (cert/key paths, HTTPS port, redirects) in a related app template.

Poem

I nibbled keys and polished certs so bright,
Port 8443 hums through the night.
HTTP bows, “After you,” to HTTPS grace,
Redirects hop—secure in place.
With mkcert clover in my paw,
I ship this change—no flaws, no flaw! 🐇🔐

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix-mini-54

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore or @coderabbit ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[terabytesoftw]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (5)

README.md (1)

41-41: Tighten wording: use HTTPS/TLS and clarify mkcert context

“secure HTTPS connections with SSL (mkcert)” is a bit redundant and mixes terms. Suggest:

- - ✅ **SSL Support** - Configured for secure HTTPS connections with SSL (mkcert).
+ - ✅ **HTTPS/TLS Support** - Local HTTPS via TLS using mkcert-generated certificates.

CHANGELOG.md (1)

9-9: Use HTTPS/TLS terminology consistently

Prefer “HTTPS/TLS” over “SSL” to avoid legacy wording.

-- Enh #145: Add SSL support with certificate and key for secure HTTPS connections (@terabytesoftw)
+- Enh #145: Add HTTPS/TLS support with certificate and key for secure connections (@terabytesoftw)

.rr.yaml (3)

14-19: Optional: enable HTTP/2 for better dev parity/perf

If your RR version supports it, enable HTTP/2 when TLS is on:

 http:
     address: :8080
+    http2: true

---

14-19: Gate redirects/certs for prod vs dev

For local dev this is perfect. In staged/prod behind a reverse proxy, unconditional redirect: true can conflict with upstream TLS termination. Consider env-gating or separate rr config files (e.g., .rr.dev.yaml with SSL, .rr.prod.yaml without, included via --config).

I can provide a minimal split-config example if you want.

---

20-23: Consider adding HSTS in production

Add Strict-Transport-Security when deploying publicly (omit for localhost):

     headers:
         response:
             "Cache-Control": "no-cache"
+            # "Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload"  # enable in prod only

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between d9c4b86 and f4321e8.

⛔ Files ignored due to path filters (3)

• composer.lock is excluded by !**/*.lock
• web/ssl/localhost-key.pem is excluded by !**/*.pem
• web/ssl/localhost.pem is excluded by !**/*.pem

📒 Files selected for processing (3)

• .rr.yaml (1 hunks)
• CHANGELOG.md (1 hunks)
• README.md (1 hunks)

🧰 Additional context used

🪛 LanguageTool

README.md

[grammar] ~41-~41: There might be a mistake here.
Context: ...ure HTTPS connections with SSL (mkcert). - ✅ Testing Ready - Codeception test s...

(QB_NEW_EN)

🔇 Additional comments (1)

.rr.yaml (1)

14-19: LGTM: TLS block correctly enables HTTPS with redirect

The ssl stanza (port 8443, cert/key, redirect) looks correct for local HTTPS via RoadRunner. No functional concerns.