@@ -167,12 +167,16 @@ Features:
167167
168168### Infrastructure
169169
170- - All services communicate via HTTPS using Caddy's internal CA
171- - Caddy handles routing via ` *.localtest.me ` subdomains
172- - Default endpoints:
170+ - All services communicate via HTTPS using Caddy's internal CA (local) or Heroku's SSL (production)
171+ - ** Local development** : Caddy handles routing via ` *.localtest.me ` subdomains
173172 - Auth: ` https://id.localtest.me ` (port 3001)
174173 - API: ` https://api.localtest.me ` (port 3003)
175174 - APP: ` https://app.localtest.me ` (port 3004)
175+ - ** Production (Heroku)** : Deployed as Docker containers to Heroku apps with custom domains
176+ - Auth: ` https://auth.plaidypus.dev `
177+ - API: ` https://api.plaidypus.dev `
178+ - App: ` https://app.plaidypus.dev `
179+ - See ` docs/heroku-setup.md ` for full setup instructions
176180- Environment variables in ` .env ` control service configuration
177181- TypeScript with ESM modules across all apps
178182- Shared TypeScript configuration via ` tsconfig.base.json `
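Review bot: The new first bullet, "All services communicate via HTTPS using Caddy's internal CA (local) or Heroku's SSL (production)", overstates the production case. Heroku terminates TLS at its router and forwards to the container over plain HTTP, so the services themselves do not speak HTTPS there. Suggest rewording to say that public endpoints are HTTPS in production and that the services rely on the forwarded-protocol header. Also, the auth host is `id.localtest.me` locally but `auth.plaidypus.dev` in production; a one-line note that issuer and redirect URLs differ per environment would help, and "APP" / "App" should use one casing.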
@@ -247,7 +251,7 @@ The authorization server uses JWKS (JSON Web Key Set) to sign JWT tokens:
247251- Proper cryptographic key rotation
248252- Unique key IDs for debugging (e.g., ` key-abc123def456 ` )
249253
250- ** Configuration location:** ` apps/auth/src/index.ts ` (lines 68-89 ) loads JWKS from environment and logs warnings if not set
254+ ** Configuration location:** ` apps/auth/src/index.ts ` (lines 110-129 ) loads JWKS from environment and logs warnings if not set
251255
252256## Sensitive Data Handling
253257
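Review bot: The "Configuration location" line hard-codes a line range (`lines 110-129`) that this change already had to correct from `68-89`, so it will drift again on the next edit to `apps/auth/src/index.ts`. Suggest pointing at a stable anchor instead, such as the name of the function or block that loads `JWKS`, and dropping the line numbers.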
@@ -263,6 +267,7 @@ All sensitive configuration is managed through environment variables:
263267| ` COOKIE_SECRET ` | Session cookie signing | High - Never commit |
264268| ` JWKS ` | Token signing keys (contains private key) | Critical - Never commit |
265269| ` OIDC_CLIENTS ` | Multiple client configurations | High - Never commit |
270+ | ` POST_LOGOUT_REDIRECT_URI ` | Post-logout redirect URL | Low - Configurable per environment |
266271
267272### Template Configuration Files
268273
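Review bot: The new `POST_LOGOUT_REDIRECT_URI` row is rated "Low - Configurable per environment", but the other rows use that column to say whether the value may be committed, and this one does not. Suggest stating that explicitly (for example "Low - Not secret, set per environment"). Since the value decides where users land after logout, it is also worth noting that it should match a post-logout redirect registered for the client in `OIDC_CLIENTS`, if the clients define one.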
@@ -340,6 +345,7 @@ This project includes automated CI/CD pipelines and containerization support for
340345| -------- | ------- | ------- |
341346| ` ci.yml ` | PRs, push to main | Lint, build, security audit |
342347| ` security.yml ` | Weekly, dependency changes | CodeQL analysis, Docker image scanning |
348+ | ` deploy-heroku.yml ` | Push to main, manual | Build and deploy all services to Heroku |
343349| ` deploy-*.yml ` | Push to paths | Deploy individual services to VM |
344350
345351#### CI Workflow (` ci.yml ` )
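Review bot: The `deploy-heroku.yml` row lists "Push to main" as a trigger, the same event that starts `ci.yml`, and nothing here says whether the deploy waits for lint, build and security audit to pass. Suggest documenting the gating (or adding it) so a failing audit cannot ship to production. Separately, the following `deploy-*.yml` row now also matches `deploy-heroku.yml` by name while describing "Deploy individual services to VM"; listing the VM workflows explicitly or renaming the pattern would remove the ambiguity.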
@@ -388,6 +394,7 @@ docker compose up --build
388394- Non-root user for security
389395- Health checks for container orchestration
390396- Production-only dependencies
397+ - Heroku PORT compatibility (maps dynamic ` PORT ` to service-specific port vars)
391398
392399### Docker Compose
393400
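Review bot: The added bullet "Heroku PORT compatibility (maps dynamic `PORT` to service-specific port vars)" does not name the variables it maps to or say what happens when `PORT` is unset, as in the local `docker compose up --build` case. Suggest naming the per-service variables and stating that the mapping applies only when `PORT` is present, so readers know the fixed local ports (3001, 3003, 3004) are unaffected.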