caddy example

2026-01-12 21:24:19 -05:00
parent 0158f2808f
commit ee47c89a84
5 changed files with 268 additions and 4 deletions
--- a/Caddyfile.example
+++ b/Caddyfile.example
@@ -0,0 +1,98 @@
+# Example Caddyfile for production deployment
+# Caddy automatically handles HTTPS with Let's Encrypt!
+
+# Basic configuration - Caddy handles SSL automatically
+trivia.torrtle.co {
+    # Reverse proxy to Flask app
+    reverse_proxy localhost:5001
+
+    # Increase client upload size for images (default is 10MB)
+    request_body {
+        max_size 10MB
+    }
+
+    # Enable compression
+    encode gzip zstd
+
+    # Logging
+    log {
+        output file /var/log/caddy/trivia.log
+        format json
+    }
+}
+
+# Alternative: More explicit configuration with WebSocket support
+# (Though Caddy handles WebSocket upgrades automatically)
+trivia.torrtle.co {
+    # Main reverse proxy
+    reverse_proxy localhost:5001 {
+        # Forward real client IP
+        header_up X-Real-IP {remote_host}
+        header_up X-Forwarded-For {remote_host}
+        header_up X-Forwarded-Proto {scheme}
+        header_up X-Forwarded-Host {host}
+
+        # Health check
+        health_uri /api/health
+        health_interval 30s
+        health_timeout 5s
+    }
+
+    # Upload size
+    request_body {
+        max_size 10MB
+    }
+
+    # Compression
+    encode gzip zstd
+
+    # Security headers
+    header {
+        # Enable HSTS
+        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+
+        # Prevent clickjacking
+        X-Frame-Options "SAMEORIGIN"
+
+        # XSS protection
+        X-Content-Type-Options "nosniff"
+
+        # Referrer policy
+        Referrer-Policy "strict-origin-when-cross-origin"
+    }
+
+    # Logging
+    log {
+        output file /var/log/caddy/trivia.log {
+            roll_size 100mb
+            roll_keep 5
+            roll_keep_for 720h
+        }
+        format json
+    }
+}
+
+# Optional: Expose Celery Flower monitoring on subdomain
+flower.torrtle.co {
+    reverse_proxy localhost:5555
+
+    # Optional: Basic auth for protection
+    basicauth {
+        admin $2a$14$Zkx19XLiW6VYouLHR5NmfOFU0z2GTNmpkT/5qqR4M5.laVvNFqEAa
+    }
+}
+
+# Optional: Redirect www to non-www
+www.trivia.torrtle.co {
+    redir https://trivia.torrtle.co{uri} permanent
+}
+
+# Optional: Development/staging environment on different subdomain
+staging.trivia.torrtle.co {
+    reverse_proxy localhost:5002
+
+    # Basic auth to protect staging
+    basicauth {
+        staging $2a$14$Zkx19XLiW6VYouLHR5NmfOFU0z2GTNmpkT/5qqR4M5.laVvNFqEAa
+    }
+}