Reverse Proxy
Honeyframe expects to sit behind a reverse proxy that terminates TLS and routes per-domain to the backend services (Platform8002, plus the App :8003 if a vertical app is enabled). The reference configuration uses nginx — Caddy and Traefik work but are not shipped pre-configured.
TLS / Certificates
The reference deployment terminates TLS at nginx and uses Let's Encrypt certificates issued by Certbot. Each public domain gets its own certificate; certs renew automatically via the certbot systemd timer.
LDAP
LDAP-backed authentication is on the roadmap as Phase 4 of the RBAC rollout. As of v0.0.x, Honeyframe authenticates against its own users table (hubstudio.users) only. There is no LDAP install option, no LDAP-related environment variable, and no LDAP fields in the install config.
Custom systemd Units
Honeyframe services run as systemd units. The standard install renders them from templates shipped in the systemd/ directory of the source tree, substituting placeholders for paths and the customer display name. This page covers the unit anatomy, where to drop overrides, and the operational guarantees the units provide.