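# Example Caddyfile for production deployment
# Caddy obtains and renews TLS certificates automatically (Let's Encrypt by default).
#
# This file shows two ways to configure trivia.torrtle.co. Caddy rejects a
# Caddyfile that defines the same site address twice, so only the basic block
# is active; the more explicit alternative is commented out below. Enable
# exactly one of them.

# Basic configuration - Caddy handles SSL automatically
trivia.torrtle.co {
    # Reverse proxy to Flask app (use localhost:5001, not :5001)
    reverse_proxy localhost:5001

    # Cap request bodies (image uploads) at 10MB. Caddy itself applies no
    # body-size limit unless this directive is present.
    request_body {
        max_size 10MB
    }

    # Enable compression
    encode gzip zstd

    # Logging
    log {
        output file /var/log/caddy/trivia.log
        format json
    }
}

# Alternative: more explicit configuration with security headers, upstream
# health checks and log rotation. (Caddy handles WebSocket upgrades
# automatically, so no extra directive is needed for them.)
# To use it, comment out the basic block above and uncomment this one.
#
# trivia.torrtle.co {
#     # Main reverse proxy
#     reverse_proxy localhost:5001 {
#         # Forward real client IP. These overwrite any value the client sent,
#         # so the app never sees a spoofed address. Recent Caddy releases
#         # already set X-Forwarded-For/-Proto/-Host on their own; X-Real-IP
#         # is the only one that is not set by default.
#         header_up X-Real-IP {remote_host}
#         header_up X-Forwarded-For {remote_host}
#         header_up X-Forwarded-Proto {scheme}
#         header_up X-Forwarded-Host {host}
#
#         # Health check. The upstream is marked unhealthy if this path does
#         # not answer successfully, so confirm the app serves /api/health.
#         health_uri /api/health
#         health_interval 30s
#         health_timeout 5s
#     }
#
#     # Upload size
#     request_body {
#         max_size 10MB
#     }
#
#     # Compression
#     encode gzip zstd
#
#     # Security headers
#     header {
#         # Enable HSTS. includeSubDomains covers every host under this name,
#         # and preload is slow to undo once the domain is on a browser
#         # preload list; drop "preload" until all subdomains are HTTPS-only.
#         Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
#         # Prevent clickjacking
#         X-Frame-Options "SAMEORIGIN"
#         # Stop browsers from MIME-sniffing responses
#         X-Content-Type-Options "nosniff"
#         # Referrer policy
#         Referrer-Policy "strict-origin-when-cross-origin"
#     }
#
#     # Logging with rotation
#     log {
#         output file /var/log/caddy/trivia.log {
#             roll_size 100mb
#             roll_keep 5
#             roll_keep_for 720h
#         }
#         format json
#     }
# }

# Optional: Expose Celery Flower monitoring on subdomain
flower.torrtle.co {
    reverse_proxy localhost:5555

    # Keep authentication on whenever this site is enabled: Flower shows task
    # arguments and can control workers. Make sure Flower itself listens only
    # on localhost so this proxy is the only way in.
    #
    # The bcrypt hash below is a sample value (it looks like the one used in
    # Caddy's documentation) and is repeated in the staging block. Replace it
    # with your own, generated by `caddy hash-password`, before deploying.
    basicauth {
        admin $2a$14$Zkx19XLiW6VYouLHR5NmfOFU0z2GTNmpkT/5qqR4M5.laVvNFqEAa
    }
}

# Optional: Redirect www to non-www
www.trivia.torrtle.co {
    redir https://trivia.torrtle.co{uri} permanent
}

# Optional: Development/staging environment on different subdomain
staging.trivia.torrtle.co {
    reverse_proxy localhost:5002

    # Basic auth to protect staging. Use a different user and hash from the
    # Flower site; the value below is the same sample hash and must be
    # replaced (`caddy hash-password`).
    basicauth {
        staging $2a$14$Zkx19XLiW6VYouLHR5NmfOFU0z2GTNmpkT/5qqR4M5.laVvNFqEAa
    }
}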