diff --git a/.env.example b/.env.example index 41dd58fc..20b29f76 100644 --- a/.env.example +++ b/.env.example @@ -25,7 +25,19 @@ ADMIN_PASSWORD=Your-Secure-P@ssw0rd-Here! # APPLICATION CONFIGURATION # ============================================================================= -# Public base URL for the application +# Public base URL for the application (IMPORTANT!) +# This is the URL where users access your Caddy Proxy Manager interface. +# +# ** REQUIRED FOR OAUTH: If using OAuth2/OIDC authentication, this MUST match +# the redirect URI configured in your OAuth provider exactly. +# The redirect URI will be: {BASE_URL}/api/auth/callback/oauth2 +# +# Examples: +# - Local development: http://localhost:3000 +# - Production with domain: https://caddy-manager.example.com +# - Production with IP: http://192.168.1.100:3000 +# +# IMPORTANT: Do not include a trailing slash BASE_URL=http://localhost:3000 # ============================================================================= @@ -70,7 +82,11 @@ OAUTH_ALLOW_AUTO_LINKING=false # Auto-link OAuth to accounts without pas # OAUTH_CLIENT_ID=your-client-id # OAUTH_CLIENT_SECRET=your-client-secret # OAUTH_ISSUER=https://auth.example.com/application/o/caddy-proxy/ -# Redirect URI: {BASE_URL}/api/auth/callback/oauth2 +# +# IMPORTANT: Configure the redirect URI in your OAuth provider: +# Redirect URI = {BASE_URL}/api/auth/callback/oauth2 +# Example: http://localhost:3000/api/auth/callback/oauth2 +# or: https://caddy-manager.example.com/api/auth/callback/oauth2 # ============================================================================= # OPTIONAL: ADVANCED CONFIGURATION diff --git a/.github/workflows/docker-build-pr.yml b/.github/workflows/docker-build-pr.yml index 7397b0b2..e15502b0 100644 --- a/.github/workflows/docker-build-pr.yml +++ b/.github/workflows/docker-build-pr.yml 
@@ -49,8 +49,8 @@ jobs: context: ${{ matrix.context }} file: ${{ matrix.dockerfile }} push: false - load: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} cache-from: type=gha cache-to: type=gha,mode=max + platforms: linux/amd64,linux/arm64 diff --git a/.github/workflows/docker-build-trusted.yml b/.github/workflows/docker-build-trusted.yml index a35eb348..15f0fd27 100644 --- a/.github/workflows/docker-build-trusted.yml +++ b/.github/workflows/docker-build-trusted.yml @@ -68,6 +68,6 @@ jobs: labels: ${{ steps.meta.outputs.labels }} cache-from: type=gha cache-to: type=gha,mode=max - platforms: linux/amd64 + platforms: linux/amd64,linux/arm64 sbom: true provenance: true diff --git a/README.md b/README.md index 890627c1..0333f6cb 100644 --- a/README.md +++ b/README.md @@ -37,7 +37,7 @@ docker compose up -d Access at `http://localhost:3000/login` -Data persists in `./data`, `./caddy-data`, and `./caddy-config`. +Data persists in Docker volumes (caddy-manager-data, caddy-data, caddy-config, caddy-logs). --- @@ -62,7 +62,7 @@ Data persists in `./data`, `./caddy-data`, and `./caddy-config`. | `SESSION_SECRET` | Session encryption key (32+ chars) | None | **Yes** | | `ADMIN_USERNAME` | Admin login username | `admin` | **Yes** | | `ADMIN_PASSWORD` | Admin password (see requirements below) | `admin` (dev only) | **Yes** | -| `BASE_URL` | Public URL of the dashboard | `http://localhost:3000` | No | +| `BASE_URL` | Public URL where users access the dashboard.
**Required for OAuth** - must match redirect URI | `http://localhost:3000` | **Yes** (if using OAuth) | | `CADDY_API_URL` | Caddy Admin API endpoint | `http://caddy:2019` (prod)
`http://localhost:2019` (dev) | No | | `DATABASE_URL` | SQLite database URL | `file:/app/data/caddy-proxy-manager.db` | No | | `CERTS_DIRECTORY` | Certificate storage directory | `./data/certs` | No | @@ -121,6 +121,9 @@ Caddy automatically obtains Let's Encrypt certificates for all proxy hosts. Supports any OIDC-compliant provider (Authentik, Keycloak, Auth0, etc.). ```bash +# Set your public URL (REQUIRED for OAuth to work) +BASE_URL=https://caddy-manager.example.com + OAUTH_ENABLED=true OAUTH_PROVIDER_NAME="Authentik" # Display name OAUTH_CLIENT_ID=your-client-id @@ -128,7 +131,18 @@ OAUTH_CLIENT_SECRET=your-client-secret OAUTH_ISSUER=https://auth.example.com/application/o/app/ ``` -**Redirect URI**: `{BASE_URL}/api/auth/callback/oauth2` +**Redirect URI Configuration:** + +You must configure this redirect URI in your OAuth provider: +``` +{BASE_URL}/api/auth/callback/oauth2 +``` + +Examples: +- `http://localhost:3000/api/auth/callback/oauth2` (development) +- `https://caddy-manager.example.com/api/auth/callback/oauth2` (production) + +The `BASE_URL` environment variable must match exactly where users access your dashboard. OAuth login appears on the login page alongside credentials. Users can link OAuth to existing accounts from the Profile page. diff --git a/app/(dashboard)/settings/SettingsClient.tsx b/app/(dashboard)/settings/SettingsClient.tsx index 673748b9..24c27591 100644 --- a/app/(dashboard)/settings/SettingsClient.tsx +++ b/app/(dashboard)/settings/SettingsClient.tsx @@ -236,8 +236,8 @@ export default function SettingsClient({ general, cloudflare, authentik, metrics Console (Common Log Format) - Access logs will be available at ./caddy-logs/access.log on the host machine. - You can tail them with: docker exec caddy-proxy-manager-caddy tail -f /logs/access.log + Access logs are stored in the caddy-logs Docker volume. + You can view them with: docker exec caddy-proxy-manager-caddy tail -f /logs/access.log
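Review bot: In the `.env.example` BASE_URL comment block, the example "Production with IP: http://192.168.1.100:3000" presents plain HTTP as a production setting directly under the OAuth requirement, so the authorization code returned to {BASE_URL}/api/auth/callback/oauth2 would cross the network unencrypted. Suggest relabelling that example as LAN or testing only and stating that OAuth deployments should use an https:// BASE_URL. The "Do not include a trailing slash" rule is only documented here; if the application does not already strip or reject a trailing slash when it builds the redirect URI, a startup check would turn a silent redirect mismatch into a clear error.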
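Review bot: In `.github/workflows/docker-build-pr.yml`, dropping `load: true` while keeping `push: false` means the PR build result now exists only in the build cache, so any later step in this job that runs, scans or inspects the image by tag will no longer find it in the local Docker daemon. Please confirm no such step exists, or keep a single-platform build with `load: true` for those checks and run the `linux/amd64,linux/arm64` build as a separate step.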
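Review bot: In `.github/workflows/docker-build-trusted.yml`, adding `linux/arm64` to `platforms:` needs emulation or a native arm64 builder, and nothing in this diff adds a QEMU or multi-node Buildx setup step to either workflow. If the job does not already set that up outside the lines shown, RUN steps for the arm64 leg will fail on an amd64 runner; please confirm or add the setup step in the same change. With `sbom: true` and `provenance: true` the attestations are now produced per platform, so any downstream verification that assumed a single amd64 manifest should be checked as well.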
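Review bot: The README line "Data persists in Docker volumes (caddy-manager-data, caddy-data, caddy-config, caddy-logs)" has no matching compose file change or upgrade note in this diff, so it is unclear what happens to data in `./data`, `./caddy-data` and `./caddy-config` on existing installs. Please add a short migration note, or reference the commit that changed the mounts. The unchanged `CERTS_DIRECTORY` row in the table still lists `./data/certs` as its default, which reads as a host path and should be reconciled with the volume wording.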
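Review bot: The new "Redirect URI Configuration" section in README.md says `BASE_URL` "must match exactly" but omits the "Do not include a trailing slash" rule that this same change adds to `.env.example`, so a reader following only the README can still end up with `https://caddy-manager.example.com//api/auth/callback/oauth2`. Repeat the trailing-slash rule here and state that scheme, host and port all count toward the match.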
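Review bot: In `SettingsClient.tsx`, the help text now names "the caddy-logs Docker volume", but Docker Compose prefixes named volumes with the project name unless the volume sets an explicit `name:`, so the volume a user sees in `docker volume ls` may not be called caddy-logs. Either describe it as the volume mounted at /logs in the Caddy container or make sure the compose file pins the name. The `docker exec caddy-proxy-manager-caddy ...` command has the same dependency on a fixed container name.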