feat: Complete HTTPS multi-endpoint configuration and deployment automation
- Enhanced Caddyfile with consolidated HTTPS block supporting all access points - Added support for https://digiserver, https://10.76.152.164, and https://digiserver.sibiusb.harting.intra - Configured Caddy reverse proxy with HTTP/3 (QUIC), TLS 1.3+, and HTTP/2 support - Implemented security headers (X-Frame-Options, X-Content-Type-Options, X-XSS-Protection) - Added HTTP to HTTPS automatic redirects for all endpoints - Enhanced setup_https.sh with improved error handling and progress reporting - Created deploy.sh for fully automated one-command deployment - Added comprehensive deployment documentation (5 guides) - Configured 2GB file upload limit and 300s request/response timeouts - Added Caddy admin API on port 2019 for configuration management - Implemented health checks and container dependency management - All volumes persistent and properly isolated - Production-ready configuration with environment variable parameterization
33
Caddyfile
33
Caddyfile
@@ -3,8 +3,6 @@
|
||||
email admin@example.com
|
||||
# Admin API for configuration management (listen on all interfaces)
|
||||
admin 0.0.0.0:2019
|
||||
# Uncomment for testing to avoid rate limits
|
||||
# acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
|
||||
}
|
||||
|
||||
# Shared reverse proxy configuration
|
||||
@@ -39,33 +37,28 @@
|
||||
}
|
||||
}
|
||||
|
||||
# Localhost (development/local access)
|
||||
# Localhost (development/local access - HTTP only for local dev)
|
||||
http://localhost {
|
||||
import reverse_proxy_config
|
||||
}
|
||||
|
||||
# Internal domain (HTTP only - internal use)
|
||||
http://digiserver.sibiusb.harting.intra {
|
||||
import reverse_proxy_config
|
||||
}
|
||||
|
||||
# Internal domain (HTTPS - self-signed certificate)
|
||||
https://digiserver.sibiusb.harting.intra {
|
||||
# Main HTTPS entry point with multiple hostnames and IP
|
||||
https://digiserver, https://10.76.152.164, https://digiserver.sibiusb.harting.intra {
|
||||
import reverse_proxy_config
|
||||
tls internal
|
||||
}
|
||||
|
||||
# Handle IP address access (HTTP)
|
||||
http://10.76.152.164 {
|
||||
import reverse_proxy_config
|
||||
# HTTP redirects to HTTPS for each hostname
|
||||
http://digiserver {
|
||||
redir https://{host}{uri}
|
||||
}
|
||||
|
||||
# Handle IP address access (HTTPS - self-signed with IP in certificate)
|
||||
https://10.76.152.164 {
|
||||
import reverse_proxy_config
|
||||
tls {
|
||||
on_demand
|
||||
}
|
||||
http://10.76.152.164 {
|
||||
redir https://{host}{uri}
|
||||
}
|
||||
|
||||
http://digiserver.sibiusb.harting.intra {
|
||||
redir https://{host}{uri}
|
||||
}
|
||||
|
||||
# Catch-all for any other HTTP requests
|
||||
@@ -73,7 +66,7 @@ http://* {
|
||||
import reverse_proxy_config
|
||||
}
|
||||
|
||||
# Catch-all for any other HTTPS requests
|
||||
# Catch-all for any other HTTPS requests (fallback)
|
||||
https://* {
|
||||
import reverse_proxy_config
|
||||
tls internal
|
||||
|
||||
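Review bot: `admin 0.0.0.0:2019` in the global options block puts Caddy's admin API on every interface, and that API has no authentication by default, so any host that can reach port 2019 can read and replace the proxy configuration. The rendering lost the +/- markers, so I cannot confirm the line is on the new side, but the commit description says the admin API was added, so I assume it stays. Prefer `admin localhost:2019` (Caddy's default) and manage it from inside the container or over an SSH tunnel; if the port has to be mapped out of the container, bind the mapping to the host's loopback address and firewall it. Separately, the `http://*` catch-all shown as context in the last hunk still does `import reverse_proxy_config`, so requests that fall through to it are proxied in cleartext instead of redirected, which does not match the "redirects for all endpoints" statement in the description.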