auto_https off disabled TLS entirely, causing Caddy to serve plain
HTTP on port 443 which produced SSL_ERROR_RX_RECORD_TOO_LONG errors
in browsers. Removing it lets tls internal work correctly with
Caddy's self-signed certificates.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Replace ubuntu-26.04 (unreleased) with ubuntu-24.04 LTS throughout
- Add file provisioner to Packer HCL to copy overlays/ into VM before
provisioning (fixes missing zroc-setup binary in 03-setup-wizard.sh)
- Rebuild root docker-compose.yaml: full stack with env vars — Caddy,
zroc-ui, Authentik (server + worker + postgres + redis), Prometheus,
Grafana, Zerto exporter, Watchtower; no hardcoded credentials
- Add caddy/Caddyfile to repo root for reverse proxy / TLS
- Update 02-zroc.sh to pre-pull all service images during OVA build
- Update GitHub Actions workflow to reference ubuntu-2404.pkr.hcl
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>