forked from m3ue/m3u-editor
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathCaddyfile
More file actions
142 lines (124 loc) · 3.73 KB
/
Caddyfile
File metadata and controls
142 lines (124 loc) · 3.73 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
# Caddyfile for M3U Editor with external services
# This config proxies requests to:
# - m3u-editor PHP-FPM (port 9000) for the main application
# - m3u-proxy (port 38085) for streaming endpoints
{
# Global options
auto_https off
admin off
log {
output stdout
format console
level INFO
}
}
# Main server block
:80 {
# Root directory for static files
root * /var/www/html/public
# Encode responses
encode gzip zstd
# Security headers
header {
X-Frame-Options "SAMEORIGIN"
X-Content-Type-Options "nosniff"
X-XSS-Protection "1; mode=block"
-Server
}
# Logging
log {
output stdout
format console
}
# Health check endpoint
@health {
path /health
}
handle @health {
respond "healthy" 200
}
# M3U Proxy endpoints - Route to external m3u-proxy service
# Match /m3u-proxy/* paths (not /m3u-proxy-stream-monitor which should go to PHP)
@m3u_proxy {
path /m3u-proxy/*
}
handle @m3u_proxy {
# Remove /m3u-proxy prefix when forwarding to proxy
uri strip_prefix /m3u-proxy
reverse_proxy m3u-proxy:38085 {
# Headers for streaming
header_up Host {host}
header_up X-Real-IP {remote_host}
header_up X-Forwarded-For {remote_host}
# ✅ FIX: Preserve X-Forwarded-Proto from upstream reverse proxy
# Caddy automatically preserves incoming headers, but we ensure it's set
# If not present from upstream, use current scheme
header_up X-Forwarded-Proto {header.X-Forwarded-Proto:$scheme}
# Also preserve other HTTPS detection headers for universal support
header_up X-Forwarded-Ssl {header.X-Forwarded-Ssl}
header_up X-Forwarded-Port {header.X-Forwarded-Port}
# Disable buffering for streaming
flush_interval -1
# Timeouts for streaming
transport http {
read_timeout 300s
write_timeout 300s
dial_timeout 10s
}
}
}
# WebSocket reverse proxy for Reverb
# Reverb listens for WebSocket connections at /app and API requests at /apps
@websocket_app {
path /app /app/*
}
handle @websocket_app {
reverse_proxy m3u-editor:36800 {
header_up Host {host}
header_up X-Real-IP {remote_host}
header_up X-Forwarded-For {remote_host}
header_up X-Forwarded-Proto {scheme}
}
}
@websocket_apps {
path /apps /apps/*
}
handle @websocket_apps {
reverse_proxy m3u-editor:36800 {
header_up Host {host}
header_up X-Real-IP {remote_host}
header_up X-Forwarded-For {remote_host}
header_up X-Forwarded-Proto {scheme}
}
}
# Deny access to sensitive files
@dotfiles {
path /.*
not path /.well-known/*
}
handle @dotfiles {
respond 403
}
# PHP-FPM handling for Laravel
# This must come after specific route handlers
php_fastcgi m3u-editor:9000 {
root /var/www/html/public
# Increase timeout for long-running requests
read_timeout 300s
write_timeout 300s
}
# Enable file serving for static assets
file_server
}
# Optional: HTTPS configuration
# Uncomment and configure for production with SSL
# https://your-domain.com {
# # TLS certificate paths (if using manual certificates)
# # tls /path/to/cert.pem /path/to/key.pem
#
# # Or use automatic HTTPS with Let's Encrypt (default)
# # tls your-email@example.com
#
# # Include all the configuration from above
# # ...
# }