- Update duplicate room ID messages across all languages for better clarity
- Enhance cached ID tips with double-click save mode functionality
- Add image optimization cache configuration to Nginx
- Document production environment variable sync requirements
- Add NEXT_IMAGE_UNOPTIMIZED to production config
- Add generic JSON-LD injector component and builders
- components/seo/JsonLd.tsx
- lib/seo/jsonld.ts
- Inject Organization and WebSite JSON-LD globally in [lang]/layout
- Inject WebApplication JSON-LD on the localized home page
- Localize description/url/inLanguage and set alternateName ["PrivyDrop", "PrivyDrop APP"]
- Inject FAQPage JSON-LD only on /[lang]/faq (not on home)
- Build Q&A from messages.text.faqs
- Inject BlogPosting + BreadcrumbList on blog post pages
- Use frontmatter.cover as image, localized breadcrumbs
Notes
- Use stable @id anchors (/#organization, /#website, /[lang]#app, /[lang]/blog/[slug]#post)
- Respect multi-language setup across en/zh/ja/es/de/fr/ko
- SameAs limited to GitHub and X as provided
- Site URL resolved via NEXT_PUBLIC_SITE_URL or defaults to https://www.privydrop.app
- generate-config.sh: add --with-nginx flag handling; when enabled, set NEXT_PUBLIC_API_URL empty to use same-origin /api and /socket.io; add BACKEND_INTERNAL_URL for SSR/internal fetch; adjust lan-tls HTTPS (8443) and TLS generation policy
- deploy.sh: show only valid access URLs when Nginx is enabled (gateway URLs), avoid misleading :3002/:3001 entries
- frontend (env/webrtc): return mutable transports [websocket,polling]; use empty signaling server for same-origin; comments in English
- frontend (next.config): support NEXT_IMAGE_UNOPTIMIZED to turn off image optimization in Docker
- frontend (health): prefer BACKEND_INTERNAL_URL for internal health checks, fallback to public URL/localhost
- docker-compose + Dockerfile(frontend): pass NEXT_IMAGE_UNOPTIMIZED and BACKEND_INTERNAL_URL envs
- generate-config.sh
- Add flags: --no-clean, --reset-ssl, --ssl-mode (letsencrypt|self-signed|provided)
- Stop deleting docker/ssl by default; only wipe on explicit --reset-ssl
- Inject ACME webroot route into HTTP (80) server; create docker/letsencrypt-www
- Default SSL_MODE: full=letsencrypt, private/public=self-signed
- Add enable_https_if_cert_present: append 443 server only when server-cert.pem/server-key.pem exist
- Keep self-signed path generating HTTPS immediately (non-basic)
- docker-compose.yml
- Mount ./docker/letsencrypt-www:/var/www/certbot:ro for Nginx ACME challenges
- deploy.sh
- Add --le-email for Let’s Encrypt account email
- Auto-install certbot once (apt-get) and enable systemd timer if available
- Install deploy hook at /etc/letsencrypt/renewal-hooks/deploy/privydrop-reload.sh to:
- Copy renewed certs into docker/ssl
- Hot-reload Nginx; HUP or restart coturn
- First-time issuance (webroot) for <domain> and turn.<domain> after Nginx:80 is up; copy certs
- Re-run generate-config with --no-clean --ssl-mode letsencrypt to enable 443, then reload Nginx
- Behavior changes
- Full mode prefers Let’s Encrypt by default; HTTPS gets enabled as soon as certs exist
- docker/ssl is no longer wiped by config generation
- Notes
- SNI-based turns:443 is not implemented yet (planned)
- Backward compatible with private/public (self-signed)
Test steps:
bash docker/scripts/generate-config.sh --mode private [--local-ip 192.168.0.113]
bash ./deploy.sh --mode private
Front-end directly inlines NEXT_PUBLIC_API_URL, directly connecting to the backend.
CORS (production) supports comma-separated multiple origins, with localhost and local network IPs included by default.
david_bai