# Caddyfile for HXBooks # Replace 'localhost' with your domain for production with automatic HTTPS :80 { # Serve static files directly (CSS, JS, images, etc.) handle /static/* { root * /var/www file_server # Cache static assets for 7 days (good balance of performance vs update flexibility) header { Cache-Control "public, max-age=604800" # ETag support is enabled by default in file_server } } # Serve book cover images directly handle /media/covers/* { root * /var/www file_server # Cache cover images for 30 days (they may be updated occasionally) header { Cache-Control "public, max-age=2592000" } } # Proxy all other requests to the Flask app reverse_proxy app:5000 { # Health check endpoint health_uri / health_interval 30s health_timeout 10s # Forward real IP to app header_up X-Real-IP {remote} } # Optional: Enable compression for better performance encode gzip # Security headers header { # Remove server identification -Server # Security headers X-Content-Type-Options nosniff X-Frame-Options DENY X-XSS-Protection "1; mode=block" Referrer-Policy strict-origin-when-cross-origin } # Logging log { output file /var/log/caddy/access.log format json } } # Production example - uncomment and modify for your domain # your-domain.com { # handle /static/* { # root * /var/www # file_server # # # Cache static assets for 7 days # header { # Cache-Control "public, max-age=604800" # } # } # # handle /media/covers/* { # root * /var/www # file_server # # # Cache cover images for 30 days # header { # Cache-Control "public, max-age=2592000" # } # } # # reverse_proxy app:5000 { # header_up X-Real-IP {remote} # header_up X-Forwarded-For {remote} # header_up X-Forwarded-Proto {scheme} # header_up X-Forwarded-Host {host} # } # # encode gzip # # header { # -Server # X-Content-Type-Options nosniff # X-Frame-Options DENY # X-XSS-Protection "1; mode=block" # Referrer-Policy strict-origin-when-cross-origin # Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" # } # }