Build [v1.9.12] (Secure Seal & LDAP Sync: Custom Caddy & Config Volume)

This commit is contained in:
Daniel Bedeleanu
2026-04-13 22:25:19 +03:00
parent 9d7e4f0ca3
commit ee7e7b7bd7
6 changed files with 78 additions and 29 deletions

View File

@@ -1,21 +1,35 @@
# TFM aInventory - Caddy Explicit IP Configuration
# Version 1.9.10 - Focused on resolving Protocol Errors on private IPs.
# TFM aInventory - Caddy Patched IP Configuration
# Version 1.9.12 - Secure Seal & IP Stability
{
admin off
admin off
auto_https disable_redirects
auto_https disable_redirects
# Trust local CA for internal certificate issuance
local_certs
}
# Frontend SSL Proxy (8919 -> 443)
https://{$SERVER_IP:192.168.84.113}:443 {
https://{$SERVER_IP:192.168.84.113}:443 {
tls internal {
reverse_proxy frontend:3000
on_demand
}
reverse_proxy frontend:3000
# Security Headers for PWA
header {
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
X-XSS-Protection "1; mode=block"
X-Content-Type-Options "nosniff"
X-Frame-Options "SAMEORIGIN"
Referrer-Policy "strict-origin-when-cross-origin"
}
}
# Backend SSL Proxy (8918 -> 444)
https://{$SERVER_IP:192.168.84.113}:444 {
https://{$SERVER_IP:192.168.84.113}:444 {
tls internal {
reverse_proxy backend:8000
on_demand
}
reverse_proxy backend:8000
}
}

8
config/proxy/Dockerfile Normal file
View File

@@ -0,0 +1,8 @@
FROM caddy:2-alpine
# Install nss-tools to allow Caddy to manage its internal trust store (fixes certutil warning)
# Install ca-certificates to ensure Caddy can trust external sites if needed
RUN apk add --no-cache nss-tools ca-certificates
# Expose the internal proxy ports
EXPOSE 80 443 444