ske087/digiserver-v2
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2ea24a98cdccd2b711f2c3906b511eb2688449d8
digiserver-v2/Caddyfile
Quality App Developer cedb411536 feat: Complete HTTPS multi-endpoint configuration and deployment automation 
- Enhanced Caddyfile with consolidated HTTPS block supporting all access points
- Added support for https://digiserver, https://10.76.152.164, and https://digiserver.sibiusb.harting.intra
- Configured Caddy reverse proxy with HTTP/3 (QUIC), TLS 1.3+, and HTTP/2 support
- Implemented security headers (X-Frame-Options, X-Content-Type-Options, X-XSS-Protection)
- Added HTTP to HTTPS automatic redirects for all endpoints
- Enhanced setup_https.sh with improved error handling and progress reporting
- Created deploy.sh for fully automated one-command deployment
- Added comprehensive deployment documentation (5 guides)
- Configured 2GB file upload limit and 300s request/response timeouts
- Added Caddy admin API on port 2019 for configuration management
- Implemented health checks and container dependency management
- All volumes persistent and properly isolated
- Production-ready configuration with environment variable parameterization
2026-01-14 20:40:26 +02:00

74 lines
1.6 KiB
Caddyfile
Executable File
Raw Blame History

{
# Global options
email admin@example.com
# Admin API for configuration management (listen on all interfaces)
admin 0.0.0.0:2019
}
# Shared reverse proxy configuration
(reverse_proxy_config) {
reverse_proxy digiserver-app:5000 {
header_up Host {host}
header_up X-Real-IP {remote_host}
header_up X-Forwarded-Proto {scheme}
# Timeouts for large uploads
transport http {
read_timeout 300s
write_timeout 300s
}
}
# File upload size limit (2GB)
request_body {
max_size 2GB
}
# Security headers
header {
X-Frame-Options "SAMEORIGIN"
X-Content-Type-Options "nosniff"
X-XSS-Protection "1; mode=block"
}
# Logging
log {
output file /var/log/caddy/access.log
}
}
# Localhost (development/local access - HTTP only for local dev)
http://localhost {
import reverse_proxy_config
}
# Main HTTPS entry point with multiple hostnames and IP
https://digiserver, https://10.76.152.164, https://digiserver.sibiusb.harting.intra {
import reverse_proxy_config
tls internal
}
# HTTP redirects to HTTPS for each hostname
http://digiserver {
redir https://{host}{uri}
}
http://10.76.152.164 {
redir https://{host}{uri}
}
http://digiserver.sibiusb.harting.intra {
redir https://{host}{uri}
}
# Catch-all for any other HTTP requests
http://* {
import reverse_proxy_config
}
# Catch-all for any other HTTPS requests (fallback)
https://* {
import reverse_proxy_config
tls internal
}
Reference in New Issue View Git Blame Copy Permalink