core/Projektarbeit-MYP
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

"feat: Added debug server and related components for improved development experience"

Browse Source
This commit is contained in:
Till Tomczak
2025-05-23 07:24:51 +02:00
parent d457a8d86b
commit 9f6219832c
189 changed files with 35730 additions and 133 deletions
Download Patch File Download Diff File Expand all files Collapse all files

229
proxy/Caddyfile Normal file
View File

@@ -0,0 +1,229 @@
# 🔄 MYP Reverse Proxy Konfiguration
# Caddy Server für Load Balancing und SSL Termination
{
# Globale Optionen
debug
auto_https off
email admin@mercedes-benz.com
# Lokale Zertifikate für Entwicklung
local_certs
}
# Hauptdomain-Konfiguration
{$CADDY_HOST:localhost}, {$CADDY_DOMAIN:myp.local} {
# === API-Routen ===
# Backend API Endpunkte
@api {
path /api/*
path /health
path /auth/*
path /swagger/*
path /docs/*
}
handle @api {
# API-Prefix entfernen für Backend-Weiterleitung
uri strip_prefix /api
# Backend-Server (Load Balancing für Hochverfügbarkeit)
reverse_proxy {
to backend:5000
# Health Checks
health_uri /health
health_interval 30s
health_timeout 10s
# Load Balancing
lb_policy round_robin
# Fehlerbehandlung
fail_duration 30s
max_fails 3
# Header-Weiterleitung
header_up Host {upstream_hostport}
header_up X-Real-IP {remote_host}
header_up X-Forwarded-For {remote_host}
header_up X-Forwarded-Proto {scheme}
header_up X-Forwarded-Host {host}
}
}
# === OAuth und Authentifizierung ===
@oauth {
path /auth/login/callback*
path /auth/logout*
path /auth/verify*
}
handle @oauth {
# Keine Caches für Auth-Endpunkte
header Cache-Control "no-cache, no-store, must-revalidate"
header Pragma "no-cache"
header Expires "0"
reverse_proxy frontend:3000
}
# === Statische Assets ===
@static {
path *.js *.css *.png *.jpg *.jpeg *.gif *.svg *.ico *.woff *.woff2 *.ttf *.eot
path /_next/static/*
path /static/*
path /assets/*
}
handle @static {
# Aggressive Caching für statische Inhalte
header Cache-Control "public, max-age=31536000, immutable"
header Vary "Accept-Encoding"
# Kompression
encode gzip zstd
reverse_proxy frontend:3000
}
# === Frontend-Anwendung ===
handle {
# Dynamische Inhalte
header Cache-Control "no-cache, no-store, must-revalidate"
header Pragma "no-cache"
# Frontend-Server
reverse_proxy {
to frontend:3000
# Health Checks
health_uri /
health_interval 30s
health_timeout 10s
# Header-Weiterleitung
header_up Host {upstream_hostport}
header_up X-Real-IP {remote_host}
header_up X-Forwarded-For {remote_host}
header_up X-Forwarded-Proto {scheme}
header_up X-Forwarded-Host {host}
}
}
# === Sicherheitsheader ===
header {
# HTTPS Durchsetzung
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# Content Security Policy
Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' ws: wss:; frame-src 'none'; object-src 'none'; base-uri 'self'"
# XSS-Schutz
X-Content-Type-Options "nosniff"
X-Frame-Options "SAMEORIGIN"
X-XSS-Protection "1; mode=block"
# Referrer Policy
Referrer-Policy "strict-origin-when-cross-origin"
# Feature Policy / Permissions Policy
Permissions-Policy "camera=(), microphone=(), geolocation=(), payment=()"
# Server-Information ausblenden
-Server
-X-Powered-By
}
# === Logging ===
log {
output file /var/log/caddy/myp-access.log {
roll_size 100mb
roll_keep 5
roll_keep_for 720h
}
format json
level INFO
}
# === Rate Limiting ===
rate_limit {
zone static_files {
key {remote_host}
events 1000
window 1m
}
zone api_calls {
key {remote_host}
events 100
window 1m
}
}
# === Fehlerbehandlung ===
handle_errors {
@502 expression `{http.error.status_code} == 502`
handle @502 {
rewrite * /errors/502.html
file_server {
root /usr/share/caddy/errors
}
}
@503 expression `{http.error.status_code} == 503`
handle @503 {
rewrite * /errors/503.html
file_server {
root /usr/share/caddy/errors
}
}
}
# === Development Features ===
# WebSocket Support für Hot Reload
@websocket {
header Connection *Upgrade*
header Upgrade websocket
}
handle @websocket {
reverse_proxy frontend:3000
}
}
# === Monitoring Endpunkte (nur Entwicklung) ===
monitoring.{$CADDY_DOMAIN:myp.local} {
# Prometheus Metriken
handle /metrics {
reverse_proxy prometheus:9090
}
# Grafana Dashboards
handle /grafana/* {
uri strip_prefix /grafana
reverse_proxy grafana:3000
}
# Caddy Admin API
handle /admin/* {
reverse_proxy localhost:2019
}
# Basis-Authentifizierung für Monitoring
basicauth /* {
admin $2a$14$Zkx19XLiW6VYouLHR5NmfOFU0z2GTNqBZnp6N5i8rGjW5h3qK4/tW
}
}
# === Gesundheitsprüfungen ===
health.{$CADDY_DOMAIN:myp.local} {
respond /health "OK" 200
handle /backend/health {
reverse_proxy backend:5000/health
}
handle /frontend/health {
reverse_proxy frontend:3000
}
}
}