fix

docs/plans/GenerateSSLFromExternalCaddy.md

@@ -0,0 +1,82 @@
+# Plan: Generate SSL From External Caddy
+
+## Context
+The user has an existing Caddy container (`f414de049d3c`) acting as a Certificate Authority. We will leverage Caddy's built-in **Automatic HTTPS** features to generate a valid certificate for `localhost` without manually using OpenSSL. By running a temporary Caddy command inside the container, we can trigger the internal CA to issue and store the certificates, which we then export.
+
+## User Stories
+
+### Story 1: Trigger Certificate Generation
+**As a** developer
+**I want** to trigger the external Caddy container to issue a certificate for `localhost`
+**So that** I have a valid certificate signed by its CA
+
+**Acceptance Criteria:**
+- A temporary Caddy command is executed inside the container to serve `localhost` on a non-conflicting port (e.g., 8443).
+- This triggers Caddy's automatic HTTPS logic to generate:
+    - `localhost.crt`
+    - `localhost.key`
+- These files are verified to exist in Caddy's storage (`/data/caddy/certificates/local/localhost/`).
+
+### Story 2: Export and Configure SSL
+**As a** developer
+**I want** to copy the generated certificates to my project and configure Vite
+**So that** the dev server uses them
+
+**Acceptance Criteria:**
+- The following files are copied from the container to the project's `.ssl/` directory:
+    - Leaf Cert: `/data/caddy/certificates/local/localhost/localhost.crt`
+    - Private Key: `/data/caddy/certificates/local/localhost/localhost.key`
+    - Root CA: `/data/caddy/pki/authorities/local/root.crt`
+- `vite.config.ts` is updated to use these files.
+- `.gitignore` is updated to ignore `.ssl/` (but maybe keep the folder structure).
+
+### Story 3: Trust the Root CA
+**As a** developer
+**I want** instructions to trust the Caddy Root CA on my host machine
+**So that** browsers accept the connection
+
+**Acceptance Criteria:**
+- `README.md` is updated with specific instructions for Linux (and other OSs if applicable) to trust the `.ssl/root.crt`.
+- Example for Linux: `sudo cp .ssl/root.crt /usr/local/share/ca-certificates/caddy-local.crt && sudo update-ca-certificates`.
+
+## Technical Specifications
+
+### Certificate Generation (Caddy Native)
+Instead of `openssl`, we use `caddy` itself.
+
+1.  **Trigger Generation**:
+    ```bash
+    docker exec -d f414de049d3c caddy respond --listen :8443 --domain localhost "SSL Init"
+    ```
+    *   `respond`: Simple command to serve a static response.
+    *   `--listen :8443`: Avoids conflict with the main Caddy process on 80/443.
+    *   `--domain localhost`: Tells Caddy to manage certificates for this domain.
+    *   `-d`: Run in detached mode (background).
+
+2.  **Wait & Verify**:
+    Wait a few seconds, then check:
+    ```bash
+    docker exec f414de049d3c ls -l /data/caddy/certificates/local/localhost/
+    ```
+
+3.  **Cleanup**:
+    Kill the temporary process (if it doesn't exit, though `respond` might run forever).
+    ```bash
+    docker exec f414de049d3c pkill -f "caddy respond"
+    ```
+
+### File Locations
+- **Container Paths**:
+    - Cert: `/data/caddy/certificates/local/localhost/localhost.crt`
+    - Key: `/data/caddy/certificates/local/localhost/localhost.key`
+    - Root CA: `/data/caddy/pki/authorities/local/root.crt`
+- **Host Destination**: `./.ssl/`
+
+### Vite Config
+Update `vite.config.ts`:
+```typescript
+https: {
+    key: fs.readFileSync('./.ssl/localhost.key'),
+    cert: fs.readFileSync('./.ssl/localhost.crt') // Note: Caddy uses .crt extension by default
+}
+```