docs: document portless demo via reverse proxy

2026-02-09 13:03:10 +00:00 · 2026-02-03 11:58:01 +01:00 · 2026-02-03 11:58:01 +01:00 · 16f3310ac8
commit 16f3310ac8
parent 3d46399cfc
2 changed files with 12 additions and 3 deletions
--- a/DEPLOYMENT.md
+++ b/DEPLOYMENT.md
@ -62,6 +62,12 @@ podman-compose --env-file .env.demo -f demo.yml up -d
 # 3. Access at http://localhost:4322
 ```

+For VPS deployments, it is recommended to bind demo ports to localhost and put a reverse proxy (TLS) in front.
+
+- Set `BACKEND_BIND_HOST=127.0.0.1` and `FRONTEND_BIND_HOST=127.0.0.1` in `compose/.env.demo`
+- Point `API_BASE` at your public domain (for example `https://openlikwid.org`)
+- Serve the demo via the reverse proxy on `80/443`
+
 ## Demo Instance Details

 ### Demo Accounts
@ -115,7 +121,9 @@ podman-compose --env-file compose/.env.demo -f compose/demo.yml up -d
 | DB_PORT           | 5432              | 5433                      | Database port                  |
 | JWT_SECRET        | (required)        | demo_jwt_secret_...       | JWT signing secret             |
 | BACKEND_PORT      | 3000              | 3001                      | Backend API port               |
+| BACKEND_BIND_HOST | 0.0.0.0           | 0.0.0.0                   | Backend bind host for published port (set to `127.0.0.1` on VPS) |
 | FRONTEND_PORT     | 4321              | 4322                      | Frontend port                  |
+| FRONTEND_BIND_HOST| 0.0.0.0           | 0.0.0.0                   | Frontend bind host for published port (set to `127.0.0.1` on VPS) |
 | API_BASE          | (your domain)     | http://localhost:3001     | Public API URL                 |
 | DEMO_MODE         | false             | true                      | Enable demo features           |

--- a/docs/admin/demo-operations.md
+++ b/docs/admin/demo-operations.md
@ -12,8 +12,9 @@ The demo is intended for public browsing and for guided exploration of a pre-see

 ## Services and ports

- Frontend: `http://<host>:4322`
- Backend API: `http://<host>:3001`
+- Public demo URL (recommended): `https://openlikwid.org/`
+- Frontend (local-only on VPS): `http://127.0.0.1:4322`
+- Backend API (local-only on VPS): `http://127.0.0.1:3001`
 - Database: not exposed publicly (bound to localhost in VPS deployments)

 ## Deploy/update (VPS)
@ -51,5 +52,5 @@ Resetting is destructive and recreates the demo database.
 ## Security notes

 - Keep the database port closed to the public internet.
- Prefer TLS and a reverse proxy once a domain is available.
+- Prefer TLS and a reverse proxy.
 - Treat demo credentials as public; the demo is not a private environment.