fix: corrects installer

Author: mrdevrobot

deploy/linux/install.sh

@@ -5,6 +5,7 @@
 # Usage:
 #   sudo ./install.sh [--grpc-port N] [--rest-port N] [--studio-port N]
 #                     [--root-key KEY] [--source-url URL] [--data-dir DIR]
+#                     [--cert-path PATH] [--cert-password PASS]
 #                     [--no-studio] [--non-interactive]
 #
 # Without arguments the script runs interactively and prompts for each setting.
@@ -24,6 +25,8 @@ STUDIO_PORT=2628
 ROOT_KEY=""
 SOURCE_URL="https://github.com/EntglDb/BLite.Server"
 STUDIO_ENABLED="true"
+CERT_PATH=""
+CERT_PASSWORD=""
 NON_INTERACTIVE=false
 
 # ── Colour helpers ────────────────────────────────────────────────────────────
@@ -42,6 +45,8 @@ while [[ $# -gt 0 ]]; do
         --source-url)      SOURCE_URL="$2";   shift 2 ;;
         --data-dir)        DATA_DIR="$2";     shift 2 ;;
         --no-studio)       STUDIO_ENABLED="false"; shift ;;
+        --cert-path)       CERT_PATH="$2";         shift 2 ;;
+        --cert-password)   CERT_PASSWORD="$2";     shift 2 ;;
         --non-interactive) NON_INTERACTIVE=true;    shift ;;
         *) error "Unknown option: $1"; exit 1 ;;
     esac
@@ -103,6 +108,17 @@ prompt SOURCE_URL     "Source URL (AGPLv3 §13 compliance)" "$SOURCE_URL"
 prompt STUDIO_ENABLED "Enable Studio UI (true/false)"      "$STUDIO_ENABLED"
 prompt DATA_DIR       "Data directory"                     "$DATA_DIR"
 
+# Optional TLS certificate (leave empty to use plain HTTP)
+if ! $NON_INTERACTIVE && [[ -z "$CERT_PATH" ]]; then
+    read -rp "Certificate (.pfx/.pem) path [leave empty for plain HTTP]: " _cert_input
+    CERT_PATH="${_cert_input:-}"
+    if [[ -n "$CERT_PATH" ]]; then
+        read -rsp "Certificate password [leave empty if none]: " _pass_input
+        echo ""
+        CERT_PASSWORD="${_pass_input:-}"
+    fi
+fi
+
 echo ""
 info "Installing BLite Server with the following settings:"
 echo "  Install dir   : $INSTALL_DIR"
@@ -112,6 +128,11 @@ echo "  gRPC port     : $GRPC_PORT"
 echo "  REST port     : $REST_PORT"
 echo "  Studio port   : $STUDIO_PORT"
 echo "  Studio enabled: $STUDIO_ENABLED"
+if [[ -n "$CERT_PATH" ]]; then
+echo "  Certificate   : $CERT_PATH (HTTPS enabled)"
+else
+echo "  TLS           : disabled (plain HTTP)"
+fi
 echo "  Source URL    : $SOURCE_URL"
 echo ""
 
@@ -145,6 +166,19 @@ chmod 750 "$DATA_DIR"
 info "Writing configuration to $CONFIG_DIR..."
 mkdir -p "$CONFIG_DIR"
 
+# Determine protocol scheme and install certificate when provided
+if [[ -n "$CERT_PATH" ]]; then
+    _SCHEME="https"
+    _DEST_CERT="$CONFIG_DIR/server.pfx"
+    cp "$CERT_PATH" "$_DEST_CERT"
+    chown root:"$SERVICE_USER" "$_DEST_CERT"
+    chmod 640 "$_DEST_CERT"
+    info "Certificate installed at $_DEST_CERT"
+    CERT_PATH="$_DEST_CERT"
+else
+    _SCHEME="http"
+fi
+
 # Environment file read by the systemd unit (EnvironmentFile=-/etc/blite-server/environment)
 cat > "$CONFIG_DIR/environment" <<EOF
 # BLite Server — site configuration
@@ -155,11 +189,11 @@ cat > "$CONFIG_DIR/environment" <<EOF
 Auth__RootKey=${ROOT_KEY}
 
 # Kestrel endpoint URLs
-KESTREL__ENDPOINTS__GRPC__URL=http://*:${GRPC_PORT}
+KESTREL__ENDPOINTS__GRPC__URL=${_SCHEME}://*:${GRPC_PORT}
 KESTREL__ENDPOINTS__GRPC__PROTOCOLS=Http2
-KESTREL__ENDPOINTS__REST__URL=http://*:${REST_PORT}
+KESTREL__ENDPOINTS__REST__URL=${_SCHEME}://*:${REST_PORT}
 KESTREL__ENDPOINTS__REST__PROTOCOLS=Http1AndHttp2
-KESTREL__ENDPOINTS__STUDIO__URL=http://*:${STUDIO_PORT}
+KESTREL__ENDPOINTS__STUDIO__URL=${_SCHEME}://*:${STUDIO_PORT}
 KESTREL__ENDPOINTS__STUDIO__PROTOCOLS=Http1AndHttp2
 
 # Data paths
@@ -175,6 +209,16 @@ LICENSE__SOURCEURL=${SOURCE_URL}
 ASPNETCORE_ENVIRONMENT=Production
 EOF
 
+# Append TLS certificate settings when HTTPS is enabled
+if [[ -n "$CERT_PATH" ]]; then
+    cat >> "$CONFIG_DIR/environment" <<EOFSSL
+
+# TLS certificate
+KESTREL__CERTIFICATES__DEFAULT__PATH=${CERT_PATH}
+KESTREL__CERTIFICATES__DEFAULT__PASSWORD=${CERT_PASSWORD}
+EOFSSL
+fi
+
 chmod 640 "$CONFIG_DIR/environment"
 chown root:"$SERVICE_USER" "$CONFIG_DIR/environment"
 
@@ -224,10 +268,10 @@ echo -e "${GREEN}╔════════════════════
 echo -e "${GREEN}║  BLite Server installed and running successfully ║${NC}"
 echo -e "${GREEN}╚══════════════════════════════════════════════════╝${NC}"
 echo ""
-echo "  gRPC  → http://localhost:${GRPC_PORT}"
-echo "  REST  → http://localhost:${REST_PORT}"
+echo "  gRPC   → ${_SCHEME}://localhost:${GRPC_PORT}"
+echo "  REST   → ${_SCHEME}://localhost:${REST_PORT}"
 if [[ "$STUDIO_ENABLED" == "true" ]]; then
-echo "  Studio → http://localhost:${STUDIO_PORT}"
+echo "  Studio → ${_SCHEME}://localhost:${STUDIO_PORT}"
 fi
 echo ""
 echo "  Service status : systemctl status blite-server"

deploy/windows/blite-server.iss

@@ -57,13 +57,16 @@ Name: "{group}\{cm:UninstallProgram,{#AppName}}"; Filename: "{uninstallexe}"
 
 [Code]
 var
-  ConfigPage:  TInputQueryWizardPage;
-  GrpcPort:    String;
-  RestPort:    String;
-  StudioPort:  String;
-  RootKey:     String;
-  SourceUrl:   String;
-  StudioCheck: TNewCheckBox;
+  ConfigPage:   TInputQueryWizardPage;
+  SslPage:      TInputQueryWizardPage;
+  GrpcPort:     String;
+  RestPort:     String;
+  StudioPort:   String;
+  RootKey:      String;
+  SourceUrl:    String;
+  CertPath:     String;
+  CertPassword: String;
+  StudioCheck:  TNewCheckBox;
 
 procedure InitializeWizard;
 var
@@ -103,6 +106,20 @@ begin
   StudioCheck.Top       := StudioLabel.Top;
   StudioCheck.Left      := StudioLabel.Left + StudioLabel.Width + 8;
   StudioCheck.Width     := 80;
+
+  { ── SSL / TLS page (optional) ──────────────────────────────────────────── }
+  SslPage := CreateInputQueryPage(
+    ConfigPage.ID,
+    'HTTPS / TLS Configuration (optional)',
+    'Provide a PFX certificate to enable HTTPS on all endpoints.',
+    'Leave the certificate path empty to keep plain HTTP (recommended behind a reverse proxy).' + #13#10 +
+    'When a certificate is provided, all Kestrel endpoints switch to https://.');
+
+  SslPage.Add('Certificate (.pfx) full path:', False);
+  SslPage.Add('Certificate password:', True);
+
+  SslPage.Values[0] := '';
+  SslPage.Values[1] := '';
 end;
 
 { Validate input before allowing Next }
@@ -144,6 +161,18 @@ begin
       Result := False; Exit;
     end;
   end;
+
+  if CurPageID = SslPage.ID then
+  begin
+    CertPath     := Trim(SslPage.Values[0]);
+    CertPassword := Trim(SslPage.Values[1]);
+
+    if (CertPath <> '') and not FileExists(CertPath) then
+    begin
+      MsgBox('Certificate file not found:' + #13#10 + CertPath, mbError, MB_OK);
+      Result := False; Exit;
+    end;
+  end;
 end;
 
 { Escape a string for embedding inside a JSON value }
@@ -167,14 +196,36 @@ end;
 { Write appsettings.Production.json after all files are copied }
 procedure WriteAppSettings;
 var
-  Path:    String;
-  Content: String;
-  Studio:  String;
+  FilePath:    String;
+  Content:     String;
+  Studio:      String;
+  Scheme:      String;
+  CertSection: String;
 begin
-  Path := ExpandConstant('{app}\appsettings.Production.json');
+  FilePath := ExpandConstant('{app}\appsettings.Production.json');
 
   if StudioCheck.Checked then Studio := 'true' else Studio := 'false';
 
+  { Switch between http and https based on whether a certificate was provided }
+  if CertPath <> '' then
+  begin
+    Scheme := 'https';
+    CertSection :=
+      '  "Kestrel": {' + #13#10 +
+      '    "Certificates": {' + #13#10 +
+      '      "Default": {' + #13#10 +
+      '        "Path": "' + JsonEscape(CertPath) + '",' + #13#10 +
+      '        "Password": "' + JsonEscape(CertPassword) + '"' + #13#10 +
+      '      }' + #13#10 +
+      '    },' + #13#10 +
+      '    "Endpoints": {';
+  end
+  else
+  begin
+    Scheme := 'http';
+    CertSection := '  "Kestrel": {' + #13#10 + '    "Endpoints": {';
+  end;
+
   Content :=
     '{' + #13#10 +
     '  "Auth": {' + #13#10 +
@@ -184,18 +235,17 @@ begin
     '    "DatabasePath": "data\\blite.db",' + #13#10 +
     '    "DatabasesDirectory": "data\\tenants"' + #13#10 +
     '  },' + #13#10 +
-    '  "Kestrel": {' + #13#10 +
-    '    "Endpoints": {' + #13#10 +
+    CertSection + #13#10 +
     '      "Grpc": {' + #13#10 +
-    '        "Url": "http://*:' + GrpcPort + '",' + #13#10 +
+    '        "Url": "' + Scheme + '://*:' + GrpcPort + '",' + #13#10 +
     '        "Protocols": "Http2"' + #13#10 +
     '      },' + #13#10 +
     '      "Rest": {' + #13#10 +
-    '        "Url": "http://*:' + RestPort + '",' + #13#10 +
+    '        "Url": "' + Scheme + '://*:' + RestPort + '",' + #13#10 +
     '        "Protocols": "Http1AndHttp2"' + #13#10 +
     '      },' + #13#10 +
     '      "Studio": {' + #13#10 +
-    '        "Url": "http://*:' + StudioPort + '",' + #13#10 +
+    '        "Url": "' + Scheme + '://*:' + StudioPort + '",' + #13#10 +
     '        "Protocols": "Http1AndHttp2"' + #13#10 +
     '      }' + #13#10 +
     '    }' + #13#10 +
@@ -208,7 +258,7 @@ begin
     '  }' + #13#10 +
     '}' + #13#10;
 
-  SaveStringToFile(Path, Content, False);
+  SaveStringToFile(FilePath, Content, False);
 end;
 
 procedure CurStepChanged(CurStep: TSetupStep);

src/BLite.Server/Program.cs

@@ -30,9 +30,18 @@
 builder.Host.UseSystemd();
 
 // ── Configuration ─────────────────────────────────────────────────────────────
+// When running as a Windows Service the working directory is C:\Windows\System32.
+// Always resolve relative paths against the executable's directory so that the
+// database and tenant files end up next to the binary regardless of how the
+// process was started.
+static string ResolveAppPath(string path) =>
+    Path.IsPathRooted(path)
+        ? path
+        : Path.GetFullPath(Path.Combine(AppContext.BaseDirectory, path));
+
 var serverConfig = builder.Configuration.GetSection("BLiteServer");
-var dbPath = serverConfig.GetValue<string>("DatabasePath") ?? "blite.db";
-var databasesDir = serverConfig.GetValue<string>("DatabasesDirectory") ?? "data/tenants";
+var dbPath       = ResolveAppPath(serverConfig.GetValue<string>("DatabasePath")       ?? "blite.db");
+var databasesDir = ResolveAppPath(serverConfig.GetValue<string>("DatabasesDirectory") ?? "data/tenants");
 var pageSizeBytes = serverConfig.GetValue<int>("MaxPageSizeBytes");
 if (pageSizeBytes <= 0) pageSizeBytes = 16384;
 var pageConfig = new PageFileConfig

src/BLite.Server/Studio/SetupService.cs

@@ -20,9 +20,11 @@ public sealed class SetupService
 
     public SetupService(IConfiguration config)
     {
-        var dbPath  = config.GetValue<string>("BLiteServer:DatabasePath") ?? "blite.db";
-        var dir     = Path.GetDirectoryName(Path.GetFullPath(dbPath))
-                      ?? Directory.GetCurrentDirectory();
+        var raw    = config.GetValue<string>("BLiteServer:DatabasePath") ?? "blite.db";
+        var dbPath = Path.IsPathRooted(raw)
+            ? raw
+            : Path.GetFullPath(Path.Combine(AppContext.BaseDirectory, raw));
+        var dir     = Path.GetDirectoryName(dbPath) ?? AppContext.BaseDirectory;
         _markerPath = Path.Combine(dir, "server-setup.json");
     }
 

src/BLite.Server/appsettings.json

@@ -32,15 +32,15 @@
   "Kestrel": {
     "Endpoints": {
       "Grpc": {
-        "Url": "https://*:2626",
+        "Url": "http://*:2626",
         "Protocols": "Http2"
       },
       "Rest": {
-        "Url": "https://*:2627",
+        "Url": "http://*:2627",
         "Protocols": "Http1AndHttp2"
       },
       "Studio": {
-        "Url": "https://*:2628",
+        "Url": "http://*:2628",
         "Protocols": "Http1AndHttp2"
       }
     }