update

readme.hints.md

@@ -43,3 +43,23 @@ ts/database/
 ## Current Migration Version: 8
 
 Migration 8 converted certificate storage from file paths to PEM content.
+
+## Reverse Proxy SNI Support (November 2025)
+
+The HTTPS reverse proxy now uses Node.js `https.createServer()` with SNI support:
+- Uses Deno's Node.js compatibility layer for `node:https` module
+- Implements `server.addContext(hostname, {cert, key})` for per-domain certificates
+- Dynamic certificate addition via `addCertificate()` without server restart
+- HTTP-to-HTTPS redirect when certificate exists for domain
+- Wildcard pattern support (e.g., `*.bleu.de` covers `sub.bleu.de`)
+
+**Key files:**
+- `ts/classes/reverseproxy.ts` - SNI-enabled HTTPS server
+- `ts/classes/services.ts` - Dynamic route updates on service start/stop
+
+**Certificate workflow:**
+1. `CertRequirementManager` creates requirements for domains
+2. Daemon processes requirements via `certmanager.ts`
+3. Certificates stored in database (PEM content)
+4. `reverseProxy.addCertificate()` dynamically adds SNI context
+5. HTTP requests redirect to HTTPS when cert exists