feat: Add single-origin reverse proxy deployment with runtime web config

[AnishSarkar22]

Description

• Adds bundled Caddy reverse proxy support for the Docker production stack, including proxy assets, route configuration, backend streaming fixes, and updated installer output for single-origin access.
• Introduces runtime web configuration so packaged clients can consume server-injected flags while keeping NEXT_PUBLIC values as build-time fallbacks where needed.
• Refactors frontend URL construction to use dynamic backend URL helpers and HOSTED_BACKEND_URL, replacing direct BACKEND_URL usage across auth, dashboard, connectors, document upload, and callback flows.
• Updates backend configuration to derive frontend and backend URLs from SURFSENSE_PUBLIC_URL, aligning app behavior with same-origin proxy deployments.
• Aligns CI, Playwright, Docker workflows, and environment examples with the new runtime environment variable model.
• Removes obsolete Flower dependency/configuration and drops the Google sign-in CTA from marketing pages.
• Documents the new runtime environment variables and single-origin proxy deployment flow.
• Fixed the messaging channel tab error. It now shows a graceful message when GATEWAY_ENABLED=FALSE.

Motivation and Context

FIX #576, #1495

Screenshots

API Changes

• This PR includes API changes

Change Type

• Bug fix
• New feature
• Performance improvement
• Refactoring
• Documentation
• Dependency/Build system
• Breaking change
• Other (specify):

Testing Performed

• Tested locally
• Manual/QA verification

Checklist

• Follows project coding standards and conventions
• Documentation updated as needed
• Dependencies updated as needed
• No lint/build errors or new warnings
• All relevant tests are passing

High-level PR Summary

This PR introduces a bundled Caddy reverse proxy for SurfSense Docker deployments, consolidating the frontend, backend, and zero-cache services behind a single public origin. The changes eliminate the need for multiple exposed ports and enable automatic HTTPS for custom domains. The frontend now reads runtime configuration (AUTH_TYPE, ETL_SERVICE, DEPLOYMENT_MODE) server-side instead of baking them at build time, allowing a single Docker image to support multiple deployment modes. Build-time NEXT_PUBLIC_* environment variable substitution is removed in favor of same-origin relative browser URLs (/api/v1, /auth, /zero) routed internally by Caddy. A new buildBackendUrl helper ensures browser-facing backend URLs work in both proxy and packaged-client modes. The backend drops the flower dependency, connector OAuth callback URIs update to use the public URL, and documentation reflects the single-origin architecture. CI workflows simplify environment variable handling, and ESLint rules prevent direct import of the now-empty BACKEND_URL constant to enforce consistent same-origin URL construction.

⏱️ Estimated Review Time: 1-3 hours

💡 Review Order Suggestion

Order	File Path
1	docker/.env.example
2	docker/docker-compose.yml
3	docker/proxy/Caddyfile
4	docker/proxy/Dockerfile
5	docker/docker-compose.proxy.yml
6	docker/docker-compose.dev.yml
7	docker/scripts/install.sh
8	surfsense_web/lib/env-config.ts
9	surfsense_web/components/providers/runtime-config.tsx
10	surfsense_web/components/providers/runtime-config.server.tsx
11	surfsense_web/app/dashboard/layout.tsx
12	surfsense_web/app/dashboard/dashboard-shell.tsx
13	surfsense_web/app/(home)/login/layout.tsx
14	surfsense_web/app/(home)/register/layout.tsx
15	surfsense_web/app/desktop/login/layout.tsx
16	surfsense_web/app/api/v1/[...path]/route.ts
17	surfsense_web/app/auth/[...path]/route.ts
18	surfsense_web/components/providers/ZeroProvider.tsx
19	surfsense_web/Dockerfile
20	surfsense_web/docker-entrypoint.sh
21	surfsense_web/docker-entrypoint.js
22	surfsense_backend/app/config/__init__.py
23	surfsense_web/eslint.config.mjs
24	surfsense_web/app/(home)/login/page.tsx
25	surfsense_web/app/(home)/login/GoogleLoginButton.tsx
26	surfsense_web/app/(home)/login/LocalLoginForm.tsx
27	surfsense_web/app/(home)/register/page.tsx
28	surfsense_web/app/desktop/login/page.tsx
29	surfsense_web/components/auth/sign-in-button.tsx
30	surfsense_web/components/assistant-ui/connector-popup/tabs/all-connectors-tab.tsx
31	surfsense_web/app/dashboard/[search_space_id]/new-chat/[[...chat_id]]/page.tsx
32	surfsense_web/components/layout/ui/sidebar/DocumentsSidebar.tsx
33	surfsense_web/components/sources/DocumentUploadTab.tsx
34	surfsense_web/components/sources/FolderWatchDialog.tsx
35	surfsense_web/lib/supported-extensions.ts
36	surfsense_web/lib/auth-utils.ts
37	surfsense_web/lib/apis/base-api.service.ts
38	surfsense_web/lib/apis/anonymous-chat-api.service.ts
39	surfsense_web/hooks/use-search-source-connectors.ts
40	surfsense_web/components/assistant-ui/connector-popup/hooks/use-connector-dialog.ts
41	surfsense_web/components/assistant-ui/connector-popup/connector-configs/views/connector-edit-view.tsx
42	surfsense_web/components/assistant-ui/connector-popup/views/connector-accounts-list-view.tsx
43	surfsense_web/components/assistant-ui/connector-popup/connector-configs/components/circleback-config.tsx
44	surfsense_web/components/layout/ui/tabs/DocumentTabContent.tsx
45	surfsense_web/components/editor-panel/editor-panel.tsx
46	surfsense_web/components/editor-panel/memory.ts
47	surfsense_web/components/report-panel/report-panel.tsx
48	surfsense_web/components/settings/general-settings-manager.tsx
49	surfsense_web/components/documents/download-original-button.tsx
50	surfsense_web/app/dashboard/[search_space_id]/user-settings/components/MessagingChannelsContent.tsx
51	surfsense_web/components/tool-ui/generate-resume.tsx
52	surfsense_web/components/tool-ui/podcast/player.tsx
53	surfsense_web/components/tool-ui/sandbox-execute.tsx
54	surfsense_web/components/tool-ui/video-presentation/generate-video-presentation.tsx
55	surfsense_web/components/free-chat/anonymous-chat.tsx
56	surfsense_web/components/free-chat/free-chat-page.tsx
57	surfsense_web/components/homepage/hero-section.tsx
58	surfsense_web/lib/chat/thread-persistence.ts
59	surfsense_web/app/verify-token/route.ts
60	surfsense_web/app/api/zero/query/route.ts
61	surfsense_web/app/dashboard/[search_space_id]/connectors/callback/route.ts
62	surfsense_web/app/(home)/free/page.tsx
63	surfsense_web/app/(home)/free/[model_slug]/page.tsx
64	surfsense_web/app/sitemap.ts
65	surfsense_web/.env.example
66	surfsense_web/playwright.config.ts
67	.github/workflows/desktop-release.yml
68	.github/workflows/docker-build.yml
69	.github/workflows/e2e-tests.yml
70	surfsense_desktop/scripts/build-electron.mjs
71	surfsense_desktop/src/modules/server.ts
72	surfsense_backend/pyproject.toml
73	surfsense_backend/uv.lock
74	surfsense_web/content/docs/docker-installation/docker-compose.mdx
75	surfsense_web/content/docs/docker-installation/dev-compose.mdx
76	surfsense_web/content/docs/docker-installation/install-script.mdx
77	surfsense_web/content/docs/manual-installation.mdx
78	surfsense_web/content/docs/how-to/zero-sync.mdx
79	surfsense_web/content/docs/messaging-channels/docker.mdx
80	surfsense_web/components/assistant-ui/connector-popup/connect-forms/components/obsidian-connect-form.tsx

⚠️ Inconsistent Changes Detected

File Path	Warning
surfsense_backend/pyproject.toml	Removes the flower Celery monitoring dependency, which appears unrelated to the reverse proxy architecture changes.
surfsense_web/app/(home)/free/[model_slug]/page.tsx	Refactors a flatMap expression for static params generation in an unrelated free-chat page, which does not involve reverse proxy or environment variable changes.

[vercel]

@AnishSarkar22 is attempting to deploy a commit to the Rohan Verma's projects Team on Vercel.

A member of the Team first needs to authorize it.

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 92e34cdd-b4a0-467e-81e7-c3ec0ad8d94d

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}