# Caddyfile for Time Tracker reverse proxy
# This provides TLS termination and static asset caching

# Main application
:80 {
    # Plain-HTTP listener: serves no content of its own. Every request is
    # answered with a 301 (permanent) redirect to the same host and URI
    # over HTTPS.
    # NOTE(review): {host} comes from the request's Host header and this
    # site address matches any hostname, so the Location value follows
    # whatever Host the client sent. Pinning the expected hostname in the
    # site address or in the redirect target would remove that dependency.
    redir https://{host}{uri} 301
}
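:443 {
    # TLS configuration
    # `internal` has Caddy issue the certificate from its own local CA
    # rather than a public one. Clients that do not trust that CA's root
    # will get certificate warnings.
    # NOTE(review): this site address carries no hostname; confirm Caddy
    # has a certificate to present for the names clients actually use.
    tls internal

    # Reverse proxy to the Flask application
    reverse_proxy app:8080 {
        # Active health checks: request /_health every 30s and give the
        # backend 10s to answer.
        health_uri /_health
        health_interval 30s
        health_timeout 10s

        # Headers sent to the backend. Each one is set (not appended) from
        # the connection Caddy itself sees, so a value the client put in
        # the request is overwritten rather than forwarded.
        # NOTE(review): if another proxy or load balancer sits in front of
        # Caddy, {remote_host} is that hop's address, not the end user's.
        # NOTE(review): the application should only honour these headers
        # for requests that arrive through this proxy; confirm app:8080 is
        # not reachable directly by clients.
        header_up X-Real-IP {remote_host}
        header_up X-Forwarded-For {remote_host}
        header_up X-Forwarded-Proto {scheme}
        header_up Host {host}
    }

    # Security headers added to every response from this site
    # NOTE(review): no Strict-Transport-Security header is sent, so each
    # first visit still depends on the port-80 redirect. Consider adding
    # one once the hostname and certificate are settled.
    header {
        X-Content-Type-Options nosniff
        X-Frame-Options DENY
        # NOTE(review): X-XSS-Protection is a legacy header that current
        # browsers ignore; script-injection defence rests on the CSP below.
        X-XSS-Protection "1; mode=block"
        Referrer-Policy strict-origin-when-cross-origin
        # frame-ancestors 'none' is the CSP counterpart of the
        # X-Frame-Options DENY above, so framing is refused by browsers
        # that follow either header.
        # NOTE(review): 'unsafe-inline' in script-src allows injected
        # inline scripts to run, which removes most of the XSS protection
        # a CSP gives; nonces or hashes would restore it. The bare ws: and
        # wss: sources let pages open WebSocket connections to any host;
        # restrict them to this origin if the app only talks to itself.
        Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; connect-src 'self' ws: wss:; frame-ancestors 'none';"

        # Remove server header
        -Server
    }

    # Gzip compression
    encode gzip

    # Static file caching: any request whose path ends in one of these
    # extensions gets a one-year, publicly cacheable Cache-Control.
    # NOTE(review): the match is by extension only, so it also covers
    # application-generated or per-user responses with these suffixes, and
    # "public" lets shared caches store them. Confirm every such URL is
    # safe to cache publicly and that asset URLs change when content does.
    @static {
        path *.css *.js *.png *.jpg *.jpeg *.gif *.ico *.svg *.woff *.woff2 *.ttf *.eot
    }
    header @static Cache-Control "public, max-age=31536000"

    # Logging: access log written as JSON to a file
    # NOTE(review): access logs hold client addresses and full request
    # URIs; keep /var/log/caddy readable only by the operators who need
    # it, and check that no secrets travel in query strings.
    log {
        output file /var/log/caddy/access.log
        format json
    }
}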
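# Health check endpoint (no TLS required)
# Only /_health is forwarded on this plain-HTTP port. Proxying every path
# here would serve the whole application without TLS, without the HTTPS
# redirect and without the security headers set on the :443 site.
:8080 {
    @health path /_health

    # The health probe is the only request passed to the backend.
    handle @health {
        reverse_proxy app:8080
    }

    # Anything else on this port is refused.
    handle {
        respond 404
    }
}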