digiserver-v2/Caddyfile
Quality App Developer 361e0bc459 Update TLS configuration for IP address access
- Switch IP address HTTPS to use on_demand TLS mode
- Allows proper certificate generation for IP-based access
- Maintains self-signed certificates for internal use
2026-01-14 15:08:54 +02:00


{
	# Global options.
	# Contact address supplied to ACME certificate authorities.
	email admin@example.com

	# Admin API for configuration management, bound to every interface on port 2019.
	# NOTE(review): this block configures no access control for the endpoint, and
	# the admin API can load a replacement configuration. Confirm that port 2019
	# is reachable only from the management network (not published beyond it),
	# or bind it to a loopback / management-only address.
	admin 0.0.0.0:2019

	# Uncomment while testing to use the Let's Encrypt staging directory and
	# avoid production rate limits.
	# acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
}
# Shared snippet: upstream proxy, upload limit, response headers and access log.
# Pulled into a site block with `import reverse_proxy_config`.
(reverse_proxy_config) {
	# Forward requests to the application at digiserver-app, port 5000.
	reverse_proxy digiserver-app:5000 {
		# Hand the requested host, the peer address and the scheme to the backend.
		# NOTE(review): {host} is taken from the client's request; the backend
		# should validate it before using it to build links or make trust decisions.
		header_up Host {host}
		header_up X-Real-IP {remote_host}
		header_up X-Forwarded-Proto {scheme}

		# Long upstream timeouts so large uploads are not cut off.
		transport http {
			read_timeout 300s
			write_timeout 300s
		}
	}

	# Cap request bodies at 2GB (file uploads).
	# NOTE(review): the cap applies to every site that imports this snippet,
	# including the catch-all sites; confirm the backend authenticates before
	# accepting large bodies.
	request_body {
		max_size 2GB
	}

	# Security-related response headers.
	# NOTE(review): X-XSS-Protection is a legacy header that current browsers
	# ignore; no Content-Security-Policy is set in this snippet.
	header {
		X-Frame-Options "SAMEORIGIN"
		X-Content-Type-Options "nosniff"
		X-XSS-Protection "1; mode=block"
	}

	# Access log written to a file.
	log {
		output file /var/log/caddy/access.log
	}
}
# Plain-HTTP site for localhost (development / local access).
http://localhost {
	import reverse_proxy_config
}
# Internal hostname over plain HTTP (internal use).
# NOTE(review): the explicit http:// scheme serves the application in cleartext
# on this name alongside the HTTPS site for the same host, so any credentials,
# session cookies or uploads sent here are readable on the network path.
# Consider redirecting to the HTTPS site once clients trust the internal CA.
http://digiserver.sibiusb.harting.intra {
	import reverse_proxy_config
}
# Internal hostname over HTTPS, with a certificate from Caddy's internal CA.
# Clients need that CA's root in their trust store; otherwise users see
# certificate warnings they have no way to verify.
https://digiserver.sibiusb.harting.intra {
	import reverse_proxy_config
	tls internal
}
# Access by IP address over plain HTTP.
# NOTE(review): cleartext, like the other http:// sites; the same application
# is reachable here without TLS.
http://10.76.152.164 {
	import reverse_proxy_config
}
# Access by IP address over HTTPS; the certificate is obtained on demand.
# The intent stated for this site is a self-signed certificate that carries the IP.
# NOTE(review): this block names no issuer (neither `tls internal` nor
# `issuer internal`), so the internal CA is assumed rather than pinned - confirm
# which issuer the deployed Caddy selects for this address.
# NOTE(review): the global options block defines no `on_demand_tls` settings;
# verify that the deployed Caddy version accepts on-demand TLS without a
# permission (`ask`) endpoint.
https://10.76.152.164 {
	import reverse_proxy_config
	tls {
		on_demand
	}
}
# Catch-all for any other plain-HTTP request.
# NOTE(review): requests whose Host is none of the names above are still
# proxied to the backend, with that Host value passed through by the snippet.
# The backend should reject or ignore host names it does not expect.
# NOTE(review): presumably `*` is meant to match any host name - verify how it
# is matched for multi-label names.
http://* {
	import reverse_proxy_config
}
# Catch-all for any other HTTPS request, with certificates from Caddy's internal CA.
# NOTE(review): as with the HTTP catch-all, unexpected host names reach the
# backend with their Host value intact; confirm that is intended and that the
# backend validates it.
https://* {
	import reverse_proxy_config
	tls internal
}