Francisco Penedo Alvarez
03a5b3803e
All checks were successful
CI / quality-checks (push) Successful in 42s
99 lines
2.5 KiB
Caddyfile
99 lines
2.5 KiB
Caddyfile
# Caddyfile for HXBooks
|
|
# Replace 'localhost' with your domain for production with automatic HTTPS
|
|
:80 {
|
|
# Serve static files directly (CSS, JS, images, etc.)
|
|
handle /static/* {
|
|
root * /var/www
|
|
file_server
|
|
|
|
# Cache static assets for 7 days (good balance of performance vs update flexibility)
|
|
header {
|
|
Cache-Control "public, max-age=604800"
|
|
# ETag support is enabled by default in file_server
|
|
}
|
|
}
|
|
|
|
# Serve book cover images directly
|
|
handle /media/covers/* {
|
|
root * /var/www
|
|
file_server
|
|
|
|
# Cache cover images for 30 days (they may be updated occasionally)
|
|
header {
|
|
Cache-Control "public, max-age=2592000"
|
|
}
|
|
}
|
|
|
|
# Proxy all other requests to the Flask app
|
|
reverse_proxy app:5000 {
|
|
# Health check endpoint
|
|
health_uri /
|
|
health_interval 30s
|
|
health_timeout 10s
|
|
|
|
# Forward real IP to app
|
|
header_up X-Real-IP {remote}
|
|
}
|
|
|
|
# Optional: Enable compression for better performance
|
|
encode gzip
|
|
|
|
# Security headers
|
|
header {
|
|
# Remove server identification
|
|
-Server
|
|
|
|
# Security headers
|
|
X-Content-Type-Options nosniff
|
|
X-Frame-Options DENY
|
|
X-XSS-Protection "1; mode=block"
|
|
Referrer-Policy strict-origin-when-cross-origin
|
|
}
|
|
|
|
# Logging
|
|
log {
|
|
output file /var/log/caddy/access.log
|
|
format json
|
|
}
|
|
}
|
|
|
|
# Production example - uncomment and modify for your domain
|
|
# your-domain.com {
|
|
# handle /static/* {
|
|
# root * /var/www
|
|
# file_server
|
|
#
|
|
# # Cache static assets for 7 days
|
|
# header {
|
|
# Cache-Control "public, max-age=604800"
|
|
# }
|
|
# }
|
|
#
|
|
# handle /media/covers/* {
|
|
# root * /var/www
|
|
# file_server
|
|
#
|
|
# # Cache cover images for 30 days
|
|
# header {
|
|
# Cache-Control "public, max-age=2592000"
|
|
# }
|
|
# }
|
|
#
|
|
# reverse_proxy app:5000 {
|
|
# header_up X-Real-IP {remote}
|
|
# header_up X-Forwarded-For {remote}
|
|
# header_up X-Forwarded-Proto {scheme}
|
|
# header_up X-Forwarded-Host {host}
|
|
# }
|
|
#
|
|
# encode gzip
|
|
#
|
|
# header {
|
|
# -Server
|
|
# X-Content-Type-Options nosniff
|
|
# X-Frame-Options DENY
|
|
# X-XSS-Protection "1; mode=block"
|
|
# Referrer-Policy strict-origin-when-cross-origin
|
|
# Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
|
# }
|
|
# } |