core/Projektarbeit-MYP
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Projektarbeit-MYP/frontend/docker/caddy/Caddyfile

65 lines
1.8 KiB
Caddyfile
Raw Blame History

# HTTP to HTTPS redirect
:80 {
redir https://{host}{uri} permanent
}
# HTTPS Frontend
m040tbaraspi001.de040.corpintra.net:443 {
# TLS configuration with custom certificates
tls /etc/ssl/certs/myp/frontend.crt /etc/ssl/certs/myp/frontend.key
# Security headers
header {
# Enable HSTS
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# XSS Protection
X-Content-Type-Options "nosniff"
X-Frame-Options "DENY"
X-XSS-Protection "1; mode=block"
# CSP
Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https://raspberrypi;"
# Remove server header
-Server
}
# Health check endpoint
handle /health {
respond "OK" 200
}
# API proxy to backend
handle /api/* {
reverse_proxy https://raspberrypi {
transport http {
tls_insecure_skip_verify
}
header_up Host {upstream_hostport}
header_up X-Real-IP {remote_host}
header_up X-Forwarded-For {remote_host}
header_up X-Forwarded-Proto {scheme}
}
}
# Frontend application
reverse_proxy frontend-app:3000 {
header_up Host {host}
header_up X-Real-IP {remote_host}
header_up X-Forwarded-For {remote_host}
header_up X-Forwarded-Proto {scheme}
}
# Logging
log {
output file /var/log/caddy/access.log
format json
}
# Enable compression
encode gzip
}
# Fallback for direct IP access
192.168.0.109:443 {
tls /etc/ssl/certs/myp/frontend.crt /etc/ssl/certs/myp/frontend.key
redir https://m040tbaraspi001.de040.corpintra.net{uri} permanent
}
Reference in New Issue View Git Blame Copy Permalink