Docs consolidation

Docs/ssl-certificates.md

@@ -0,0 +1,73 @@
+# SSL Certificates & HTTPS
+
+Chronicle uses automatic HTTPS setup for secure microphone access and remote connections.
+
+## Why HTTPS is Needed
+
+Modern browsers require HTTPS for:
+- **Microphone access** over network (not localhost)
+- **Secure WebSocket connections** (WSS)
+- **Remote access** via Tailscale/VPN
+- **Production deployments**
+
+## SSL Implementation
+
+### Advanced Backend → Caddy
+
+The main backend uses **Caddy** for automatic HTTPS:
+
+**Configuration**: `backends/advanced/Caddyfile`
+**Activation**: Caddy starts when using `--profile https` or when wizard enables HTTPS
+**Certificate**: Self-signed for local/Tailscale IPs, automatic Let's Encrypt for domains
+
+**Ports**:
+- `443` - HTTPS (main access)
+- `80` - HTTP (redirects to HTTPS)
+
+**Access**: `https://localhost` or `https://your-tailscale-ip`
+
+### Speaker Recognition → nginx
+
+The speaker recognition service uses **nginx** for HTTPS:
+
+**Configuration**: `extras/speaker-recognition/nginx.conf`
+**Certificate**: Self-signed via `ssl/generate-ssl.sh`
+
+**Ports**:
+- `8444` - HTTPS
+- `8081` - HTTP (redirects to HTTPS)
+
+**Access**: `https://localhost:8444`
+
+## Setup via Wizard
+
+When you run `./wizard.sh`, the setup wizard:
+1. Asks if you want to enable HTTPS
+2. Prompts for your Tailscale IP or domain
+3. Generates SSL certificates automatically
+4. Configures Caddy/nginx as needed
+5. Updates CORS settings for HTTPS origins
+
+**No manual setup required** - the wizard handles everything.
+
+## Browser Certificate Warnings
+
+Since we use self-signed certificates for local/Tailscale IPs, browsers will show security warnings:
+
+1. Click "Advanced"
+2. Click "Proceed to localhost (unsafe)" or similar
+3. Microphone access will now work
+
+For production with real domains, Caddy automatically obtains valid Let's Encrypt certificates.
+
+## Troubleshooting
+
+**HTTPS not working**:
+- Check Caddy/nginx containers are running: `docker compose ps`
+- Verify certificates exist: `ls backends/advanced/ssl/` or `ls extras/speaker-recognition/ssl/`
+- Check you're using `https://` not `http://`
+
+**Microphone not accessible**:
+- Ensure you're accessing via HTTPS (not HTTP)
+- Accept browser certificate warning
+- Verify you're not using `localhost` from remote device (use Tailscale IP instead)

backends/advanced/Docs/UI.md

@@ -10,7 +10,7 @@ The Chronicle web dashboard provides a comprehensive interface for managing conv
 
 ### Dashboard URL
 - **HTTP**: `http://localhost:5173` (development) or `http://localhost:3000` (production)
-- **HTTPS**: `https://localhost/` (with HTTPS configuration via `init-https.sh`)
+- **HTTPS**: `https://localhost/` (automatic via setup wizard - see [Docs/ssl-certificates.md](../../../Docs/ssl-certificates.md))
 - **Live Recording**: Available at `/live-record` page for real-time audio streaming
 - **Network Access**: Configure `BACKEND_PUBLIC_URL` for remote device access via Tailscale/LAN
 

backends/advanced/README.md

@@ -34,15 +34,10 @@ Modern React-based web dashboard located in `./webui/` with:
 - **Transcription Provider**: Choose between Deepgram, Mistral, or Offline (Parakeet)
 - **LLM Provider**: Choose between OpenAI (recommended) or Ollama for memory extraction
 - **Memory Provider**: Choose between Friend-Lite Native or OpenMemory MCP
+- **HTTPS Configuration**: Optional SSL setup for microphone access (uses Caddy)
 - **Optional Services**: Speaker Recognition, network configuration
 - **API Keys**: Prompts for all required keys with helpful links
 
-**HTTPS Setup (Optional):**
-```bash
-# For microphone access and secure connections
-./setup-https.sh your-tailscale-ip
-```
-
 #### 2. Start Services 
 
 **HTTP Mode (Default - No SSL required):**
@@ -55,25 +50,13 @@ docker compose up --build -d
 
 **HTTPS Mode (For network access and microphone features):**
 ```bash
-# Start with nginx SSL proxy - requires SSL setup first (see below)
-docker compose up --build -d
+# Start with HTTPS (requires Caddy configuration from wizard)
+docker compose --profile https up --build -d
 ```
 - **Web Dashboard**: https://localhost/ or https://your-ip/
 - **Backend API**: https://localhost/api/ or https://your-ip/api/
 
-#### 3. HTTPS Setup (Optional - For Network Access & Microphone Features)
-
-For network access and microphone features, HTTPS can be configured during initialization or separately:
-
-```bash
-# If not done during init.sh, run HTTPS setup
-./init-https.sh 100.83.66.30  # Replace with your IP
-
-# Start with HTTPS proxy
-docker compose up --build -d
-```
-
-#### Access URLs
+#### 3. Access URLs
 
 **Friend-Lite Advanced Backend (Primary - ports 80/443):**
 - **HTTPS Dashboard**: https://localhost/ or https://your-ip/
@@ -91,7 +74,7 @@ docker compose up --build -d
 - 🌐 **Network Access** from other devices via Tailscale/LAN
 - 🔄 **Automatic protocol detection** - Frontend auto-configures for HTTP/HTTPS
 
-See [Docs/HTTPS_SETUP.md](Docs/HTTPS_SETUP.md) for detailed configuration.
+See [Docs/ssl-certificates.md](../../Docs/ssl-certificates.md) for how SSL is configured.
 
 ## Testing