Build [v1.14.21]

This commit is contained in:
2026-04-23 15:59:17 +03:00
parent 6e88ea9107
commit e5bb14d945
6 changed files with 52 additions and 47 deletions

View File

@@ -1,41 +1,58 @@
# TFM aInventory - Caddy Patched IP Configuration
# Version 1.9.17 - The Dynamic Shield (Production Polish)
# TFM aInventory - Standalone Caddy Configuration
# Self-signed SSL/TLS reverse proxy for any IP/hostname
{
admin off
local_certs
local_certs
skip_install_trust
auto_https disable_redirects
# Configure on-demand TLS for private network IPs
on_demand_tls {
on_demand_tls {
ask http://localhost:8916/
# This allows Caddy to generate internal certs for any IP/domain.
ask http://backend:8000/
}
}
}
# Dynamic HTTPS Frontend (port 8919) - Matches ANY IP or hostname
https:// {
tls internal {
https://:8919 {
tls internal {
on_demand
}
reverse_proxy frontend:3000
header {
# Next.js HMR Support (WebSocket)
handle /_next/webpack-hmr {
reverse_proxy http://localhost:8917 {
header_up Upgrade {>Upgrade}
header_up Connection {>Connection}
}
}
reverse_proxy http://localhost:8917 {
header_up X-Forwarded-For {remote_host}
header_up X-Forwarded-Proto https
header_up X-Forwarded-Host {host}
}
header {
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
X-XSS-Protection "1; mode=block"
X-Frame-Options "SAMEORIGIN"
X-Frame-Options "SAMEORIGIN"
Referrer-Policy "strict-origin-when-cross-origin"
}
}
# Dynamic HTTPS Backend (port 8918) - Matches ANY IP or hostname
https://:444 {
tls internal {
https://:8918 {
tls internal {
on_demand
}
}
reverse_proxy http://localhost:8916 {
header_up X-Forwarded-For {remote_host}
header_up X-Forwarded-Proto https
header_up X-Forwarded-Host {host}
}
header {
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
}
}
}