From f0a2f454e2e8890c0e33f074dfa2ab37777576ae Mon Sep 17 00:00:00 2001
From: Nawaz Dhandala <hello@nawazdhandala.com>
Date: Mon, 3 Nov 2025 21:51:14 +0000
Subject: [PATCH] feat(config,docker-compose): add PROVISION_SSL env and
 document Let's Encrypt provisioning

Expose PROVISION_SSL in docker-compose common variables and update config.example.env docs to explain automatic ACME/Let's Encrypt TLS provisioning and reverse-proxy alternative.
---
 config.example.env      | 10 ++++------
 docker-compose.base.yml |  1 +
 2 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/config.example.env b/config.example.env
index 2b80496f75..7c17646591 100644
--- a/config.example.env
+++ b/config.example.env
@@ -2,6 +2,7 @@
 
 # Please change this to domain of the server where oneuptime is hosted on.
 HOST=localhost
+PROVISION_SSL=false
 
 # OneUptime Port. This is the port where OneUptime will be hosted on. 
 ONEUPTIME_HTTP_PORT=80
@@ -9,12 +10,9 @@ ONEUPTIME_HTTP_PORT=80
 # ==============================================
 # SETTING UP TLS/SSL CERTIFICATES
 # ==============================================
-# OneUptime DOES NOT support setting up SSL/TLS certificates. You need to setup SSL/TLS certificates on your own.
-# If you need to use SSL/TLS certificates, then you need to use a reverse proxy like Nginx/Caddy and use LetsEncrypt to provision the certificates.
-# You then need to point the reverse proxy to the OneUptime server.
-# Once you have done that, 
-# - You can set the HTTP_PROTOCOL to https
-# - Change the HOST to the domain name of the server where reverse proxy is hosted.
+# OneUptime can automatically provision SSL certificates for the HOST when PROVISION_SSL=true.
+# This requires port 80/443 to be reachable for Let's Encrypt validation and the HOST domain pointing to this server.
+# If you prefer to terminate TLS on an external reverse proxy, leave PROVISION_SSL=false and manage certificates yourself.
 HTTP_PROTOCOL=http
 
 # Secrets - PLEASE CHANGE THESE. Please change these to something random. All of these can be different values.
diff --git a/docker-compose.base.yml b/docker-compose.base.yml
index 6bd065eaa3..c0940da324 100644
--- a/docker-compose.base.yml
+++ b/docker-compose.base.yml
@@ -1,6 +1,7 @@
 
 x-common-variables: &common-variables
     HOST: ${HOST}
+    PROVISION_SSL: ${PROVISION_SSL}
 
     HTTP_PROTOCOL: ${HTTP_PROTOCOL}