Add waitress + caddy deployment

2026-03-30 22:46:04 +02:00
parent f9d6662467
commit 39fb2edd71
10 changed files with 402 additions and 17 deletions
--- a/102
+++ b/102
@@ -0,0 +1,102 @@
+# Caddyfile for HXBooks
+# Replace 'localhost' with your domain for production with automatic HTTPS
+localhost {
+    # Serve static files directly (CSS, JS, images, etc.)
+    handle /static/* {
+        root * /var/www
+        file_server
+        
+        # Cache static assets for 7 days (good balance of performance vs update flexibility)
+        header {
+            Cache-Control "public, max-age=604800"
+            # ETag support is enabled by default in file_server
+        }
+    }
+
+    # Serve book cover images directly  
+    handle /media/covers/* {
+        root * /var/www
+        file_server
+        
+        # Cache cover images for 30 days (they may be updated occasionally)
+        header {
+            Cache-Control "public, max-age=2592000"
+        }
+    }
+
+    # Proxy all other requests to the Flask app
+    reverse_proxy app:5000 {
+        # Health check endpoint
+        health_uri /
+        health_interval 30s
+        health_timeout 10s
+        
+        # Forward real IP to app
+        header_up X-Real-IP {remote}
+        header_up X-Forwarded-For {remote}
+        header_up X-Forwarded-Proto {scheme}
+        header_up X-Forwarded-Host {host}
+    }
+
+    # Optional: Enable compression for better performance
+    encode gzip
+
+    # Security headers
+    header {
+        # Remove server identification
+        -Server
+        
+        # Security headers
+        X-Content-Type-Options nosniff
+        X-Frame-Options DENY
+        X-XSS-Protection "1; mode=block"
+        Referrer-Policy strict-origin-when-cross-origin
+    }
+
+    # Logging
+    log {
+        output file /var/log/caddy/access.log
+        format json
+    }
+}
+
+# Production example - uncomment and modify for your domain
+# your-domain.com {
+#     handle /static/* {
+#         root * /var/www
+#         file_server
+#         
+#         # Cache static assets for 7 days
+#         header {
+#             Cache-Control "public, max-age=604800"
+#         }
+#     }
+#
+#     handle /media/covers/* {
+#         root * /var/www
+#         file_server
+#         
+#         # Cache cover images for 30 days
+#         header {
+#             Cache-Control "public, max-age=2592000"
+#         }
+#     }
+#
+#     reverse_proxy app:5000 {
+#         header_up X-Real-IP {remote}
+#         header_up X-Forwarded-For {remote}
+#         header_up X-Forwarded-Proto {scheme}
+#         header_up X-Forwarded-Host {host}
+#     }
+#
+#     encode gzip
+#
+#     header {
+#         -Server
+#         X-Content-Type-Options nosniff
+#         X-Frame-Options DENY
+#         X-XSS-Protection "1; mode=block"
+#         Referrer-Policy strict-origin-when-cross-origin
+#         Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+#     }
+# }