V1.0.0 version push

2026-01-06 03:30:25 -06:00 · 2025-08-16 21:49:43 +02:00
parent 24b74e6231
commit c92f9e196b
77 changed files with 12707 additions and 3 deletions
--- a/docker/Caddyfile
+++ b/docker/Caddyfile
@@ -0,0 +1,60 @@
+# Caddyfile for Time Tracker reverse proxy
+# This provides TLS termination and static asset caching
+
+# Main application
+:80 {
+    # Redirect HTTP to HTTPS
+    redir https://{host}{uri} permanent
+}
+
+:443 {
+    # TLS configuration
+    tls internal
+    
+    # Reverse proxy to the Flask application
+    reverse_proxy app:8080 {
+        # Health checks
+        health_uri /_health
+        health_interval 30s
+        health_timeout 10s
+        
+        # Headers
+        header_up X-Real-IP {remote_host}
+        header_up X-Forwarded-For {remote_host}
+        header_up X-Forwarded-Proto {scheme}
+        header_up Host {host}
+    }
+    
+    # Security headers
+    header {
+        # Security headers
+        X-Content-Type-Options nosniff
+        X-Frame-Options DENY
+        X-XSS-Protection "1; mode=block"
+        Referrer-Policy strict-origin-when-cross-origin
+        Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; connect-src 'self' ws: wss:;"
+        
+        # Remove server header
+        -Server
+    }
+    
+    # Gzip compression
+    encode gzip
+    
+    # Static file caching
+    @static {
+        path *.css *.js *.png *.jpg *.jpeg *.gif *.ico *.svg *.woff *.woff2 *.ttf *.eot
+    }
+    header @static Cache-Control "public, max-age=31536000"
+    
+    # Logging
+    log {
+        output file /var/log/caddy/access.log
+        format json
+    }
+}
+
+# Health check endpoint (no TLS required)
+:8080 {
+    reverse_proxy app:8080
+}