Build [v1.9.12] (Secure Seal & LDAP Sync: Custom Caddy & Config Volume)
This commit is contained in:
@@ -1,21 +1,35 @@
|
||||
# TFM aInventory - Caddy Explicit IP Configuration
|
||||
# Version 1.9.10 - Focused on resolving Protocol Errors on private IPs.
|
||||
# TFM aInventory - Caddy Patched IP Configuration
|
||||
# Version 1.9.12 - Secure Seal & IP Stability
|
||||
{
|
||||
admin off
|
||||
admin off
|
||||
auto_https disable_redirects
|
||||
auto_https disable_redirects
|
||||
|
||||
# Trust local CA for internal certificate issuance
|
||||
local_certs
|
||||
}
|
||||
|
||||
# Frontend SSL Proxy (8919 -> 443)
|
||||
https://{$SERVER_IP:192.168.84.113}:443 {
|
||||
https://{$SERVER_IP:192.168.84.113}:443 {
|
||||
tls internal {
|
||||
reverse_proxy frontend:3000
|
||||
on_demand
|
||||
}
|
||||
reverse_proxy frontend:3000
|
||||
|
||||
# Security Headers for PWA
|
||||
header {
|
||||
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
||||
X-XSS-Protection "1; mode=block"
|
||||
X-Content-Type-Options "nosniff"
|
||||
X-Frame-Options "SAMEORIGIN"
|
||||
Referrer-Policy "strict-origin-when-cross-origin"
|
||||
}
|
||||
}
|
||||
|
||||
# Backend SSL Proxy (8918 -> 444)
|
||||
https://{$SERVER_IP:192.168.84.113}:444 {
|
||||
https://{$SERVER_IP:192.168.84.113}:444 {
|
||||
tls internal {
|
||||
reverse_proxy backend:8000
|
||||
on_demand
|
||||
}
|
||||
reverse_proxy backend:8000
|
||||
}
|
||||
}
|
||||
|
||||
8
config/proxy/Dockerfile
Normal file
8
config/proxy/Dockerfile
Normal file
@@ -0,0 +1,8 @@
|
||||
FROM caddy:2-alpine
|
||||
|
||||
# Install nss-tools to allow Caddy to manage its internal trust store (fixes certutil warning)
|
||||
# Install ca-certificates to ensure Caddy can trust external sites if needed
|
||||
RUN apk add --no-cache nss-tools ca-certificates
|
||||
|
||||
# Expose the internal proxy ports
|
||||
EXPOSE 80 443 444
|
||||
Reference in New Issue
Block a user