clout-cards/Caddyfile at main · Layr-Labs/clout-cards · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
# Caddy configuration for automatic HTTPS
# The DOMAIN environment variable will be injected at runtime

{$DOMAIN:localhost} {
    # TLS configuration - always use provided certificates generated by tls-keygen
    tls /run/tls/fullchain.pem /run/tls/privkey.pem

    # Reverse proxy to your Node.js application
    # Modify the port to match your application (default: 3000)
    reverse_proxy localhost:{$APP_PORT:3000} {
        # Health check configuration
        health_uri /health
        health_interval 30s
        health_timeout 5s
        health_status 200
    }

    # Custom headers
    header {
        # Security headers
        X-Content-Type-Options "nosniff"
        X-Frame-Options "DENY"
        X-XSS-Protection "1; mode=block"
        Referrer-Policy "strict-origin-when-cross-origin"

        # Remove server header
        -Server
    }

    # Logging
    log {
        output stdout
        format console
        level INFO
    }

    # Request size limits
    request_body {
        max_size 10MB
    }
}

# HTTP endpoint (optional, for health checks or redirects)
:80 {
    # Redirect to HTTPS only when host isn't localhost
    @for_domain expression {host} != "localhost"
    redir @for_domain https://{host}{uri} permanent

    # Health check endpoint (always available via HTTP)
    handle /health {
        respond "OK" 200
    }
}