# Example Caddyfile for production deployment
# Caddy automatically handles HTTPS with Let's Encrypt!
# Basic configuration - Caddy obtains and renews the TLS certificate itself.
# Use either this block or the more explicit alternative for the same host,
# not both: Caddy refuses to load a Caddyfile that defines one site address twice.
trivia.torrtle.co {
    # Reverse proxy to Flask app (use localhost:5001, not :5001)
    reverse_proxy localhost:5001

    # Cap request bodies (image uploads) at 10MB. Caddy applies no body size
    # limit unless this directive is present, so the cap is what keeps oversized
    # uploads from reaching the Flask app.
    request_body {
        max_size 10MB
    }

    # Enable response compression (gzip and zstd)
    encode gzip zstd

    # Access log in JSON. Entries include client addresses and request URIs,
    # so keep /var/log/caddy readable only by the Caddy user and log tooling.
    log {
        output file /var/log/caddy/trivia.log
        format json
    }
}
# Alternative: More explicit configuration with WebSocket support
# (Though Caddy handles WebSocket upgrades automatically)
# This block uses the same site address as the basic configuration; keep only
# one of the two, because Caddy rejects a duplicate site definition.
trivia.torrtle.co {
    # Main reverse proxy
    reverse_proxy localhost:5001 {
        # Forward the client address to the app. {remote_host} is the address of
        # the immediate TCP peer, so a client cannot spoof these values with its
        # own headers; if Caddy sits behind a CDN or load balancer they carry
        # that hop's address instead of the end user's.
        # Current Caddy releases already set X-Forwarded-For/-Proto/-Host on
        # proxied requests; X-Real-IP is the only one not added by default.
        header_up X-Real-IP {remote_host}
        header_up X-Forwarded-For {remote_host}
        header_up X-Forwarded-Proto {scheme}
        header_up X-Forwarded-Host {host}

        # Active health check: poll /api/health every 30s, fail after 5s
        health_uri /api/health
        health_interval 30s
        health_timeout 5s
    }

    # Cap request bodies (uploads) at 10MB; without this directive Caddy
    # applies no body size limit.
    request_body {
        max_size 10MB
    }

    # Compression
    encode gzip zstd

    # Security headers
    # NOTE(review): no Content-Security-Policy is set here; presumably the
    # Flask app sends its own - confirm.
    header {
        # Enable HSTS for one year. includeSubDomains extends the policy to every
        # host under this name, and preload only takes effect once the registrable
        # domain is submitted to the browser preload list; both are slow to undo,
        # so confirm every subdomain serves HTTPS before deploying this value.
        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

        # Prevent clickjacking: only same-origin pages may frame the site
        X-Frame-Options "SAMEORIGIN"

        # Stop browsers from MIME-sniffing responses into another content type
        # (this is not an XSS filter)
        X-Content-Type-Options "nosniff"

        # Referrer policy: send only the origin on cross-origin navigations
        Referrer-Policy "strict-origin-when-cross-origin"
    }

    # Access log in JSON with rotation: roll at 100mb, keep 5 files, drop
    # files older than 720h (30 days). Entries include client addresses and
    # request URIs, so restrict read access to /var/log/caddy.
    log {
        output file /var/log/caddy/trivia.log {
            roll_size 100mb
            roll_keep 5
            roll_keep_for 720h
        }
        format json
    }
}
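# Optional: Expose Celery Flower monitoring on subdomain
# Flower shows task arguments and results and can control workers, so if this
# site block is enabled the authentication below is required, not optional.
flower.torrtle.co {
    # Caddy orders basicauth ahead of reverse_proxy regardless of where it
    # appears in the block, so every proxied request is authenticated first.
    basicauth {
        # The previous example value here appears to be the sample bcrypt hash
        # from the Caddy documentation, whose password is public, and it was
        # shared with the staging account. Generate a unique hash with
        # `caddy hash-password` and supply it through the environment.
        # FLOWER_BASICAUTH_HASH is a placeholder variable name; if it is unset
        # the hash is empty and Caddy should refuse the config rather than
        # serve Flower unprotected.
        # NOTE: newer Caddy releases spell this directive `basic_auth`.
        admin {$FLOWER_BASICAUTH_HASH}
    }

    reverse_proxy localhost:5555
}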
# Optional: Redirect www to non-www
# Permanent redirect to the canonical host; {uri} carries the original path
# and query string across. The redirect target is a fixed host, so request
# input cannot steer it to another site.
www.trivia.torrtle.co {
    redir https://trivia.torrtle.co{uri} permanent
}
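# Optional: Development/staging environment on different subdomain
# Staging builds are served from localhost:5002 and are reachable from the
# internet through this block, so keep the authentication below in place.
staging.trivia.torrtle.co {
    # Basic auth to protect staging. Caddy orders basicauth ahead of
    # reverse_proxy, so requests are authenticated before they are proxied.
    basicauth {
        # The previous example value here appears to be the sample bcrypt hash
        # from the Caddy documentation, whose password is public, and it was
        # identical to the Flower admin hash. Generate a separate hash with
        # `caddy hash-password` and supply it through the environment.
        # STAGING_BASICAUTH_HASH is a placeholder variable name; if it is unset
        # the hash is empty and Caddy should refuse the config rather than
        # serve staging unprotected.
        # NOTE: newer Caddy releases spell this directive `basic_auth`.
        staging {$STAGING_BASICAUTH_HASH}
    }

    reverse_proxy localhost:5002
}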