114 lines
3.0 KiB
Caddyfile
114 lines
3.0 KiB
Caddyfile
# VidRip Caddyfile
|
|
# This configuration serves the frontend and proxies API requests to the backend
|
|
#
|
|
# NOTE: This file will be auto-generated by start-production.sh if it doesn't exist.
|
|
# The script will prompt you for your domain name.
|
|
#
|
|
# Manual Usage:
|
|
# 1. Install Caddy: https://caddyserver.com/docs/install
|
|
# 2. Update 'your-domain.com' below with your actual domain
|
|
# 3. Run: caddy run (for testing) or caddy start (background)
|
|
# 4. Or use systemd service (see DEPLOYMENT.md)
|
|
#
|
|
# Features:
|
|
# - Automatic HTTPS with Let's Encrypt
|
|
# - Reverse proxy to backend API
|
|
# - Static file serving for frontend
|
|
# - Compression enabled
|
|
# - Security headers
|
|
|
|
# Replace with your domain or use :80 for localhost
|
|
your-domain.com {
|
|
# Enable compression
|
|
encode gzip zstd
|
|
|
|
# Security headers
|
|
header {
|
|
# Enable HSTS (forces HTTPS)
|
|
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
|
# Prevent clickjacking
|
|
X-Frame-Options "SAMEORIGIN"
|
|
# Prevent MIME type sniffing
|
|
X-Content-Type-Options "nosniff"
|
|
# Enable XSS protection
|
|
X-XSS-Protection "1; mode=block"
|
|
# Referrer policy
|
|
Referrer-Policy "strict-origin-when-cross-origin"
|
|
# Remove server header for security
|
|
-Server
|
|
}
|
|
|
|
# API routes - proxy to backend
|
|
handle /api/* {
|
|
reverse_proxy localhost:3001 {
|
|
# Health check
|
|
health_uri /api/health
|
|
health_interval 10s
|
|
health_timeout 5s
|
|
|
|
# Headers
|
|
header_up Host {host}
|
|
header_up X-Real-IP {remote_host}
|
|
header_up X-Forwarded-For {remote_host}
|
|
header_up X-Forwarded-Proto {scheme}
|
|
}
|
|
}
|
|
|
|
# Serve frontend static files
|
|
handle {
|
|
# Root directory is the frontend build output
|
|
root * /var/www/vidrip
|
|
|
|
# Try files first, fall back to index.html for SPA routing
|
|
try_files {path} /index.html
|
|
|
|
# Serve files
|
|
file_server
|
|
|
|
# Cache static assets
|
|
@static {
|
|
path *.js *.css *.woff *.woff2 *.ttf *.eot *.ico *.png *.jpg *.jpeg *.gif *.svg *.webp
|
|
}
|
|
header @static {
|
|
Cache-Control "public, max-age=31536000, immutable"
|
|
}
|
|
|
|
# Don't cache index.html
|
|
@html {
|
|
path *.html
|
|
}
|
|
header @html {
|
|
Cache-Control "no-cache, no-store, must-revalidate"
|
|
}
|
|
}
|
|
|
|
# Logging
|
|
log {
|
|
output file /var/log/caddy/vidrip-access.log {
|
|
roll_size 100mb
|
|
roll_keep 10
|
|
}
|
|
format json
|
|
}
|
|
}
|
|
|
|
# Alternative configuration for local development/testing without a domain
|
|
# Uncomment this and comment out the domain configuration above
|
|
# :80 {
|
|
# encode gzip zstd
|
|
#
|
|
# handle /api/* {
|
|
# reverse_proxy localhost:3001
|
|
# }
|
|
#
|
|
# handle {
|
|
# root * /var/www/vidrip
|
|
# try_files {path} /index.html
|
|
# file_server
|
|
# }
|
|
#
|
|
# log {
|
|
# output stdout
|
|
# }
|
|
# }
|