Compare commits

..

3 Commits

Author SHA1 Message Date
Daniel Bedeleanu
826b264a70 Build [v1.9.15] (The Dynamic Shield: On-Demand TLS Catch-all) 2026-04-13 22:43:40 +03:00
Daniel Bedeleanu
94f1a515b7 Build [v1.9.14] (Protocol Lock: Explicit HTTPS & Handshake Debug) 2026-04-13 22:37:50 +03:00
Daniel Bedeleanu
4dc0ce50e7 Build [v1.9.13] (Bare Metal: Fixed Caddy Syntax & Universal Binding) 2026-04-13 22:31:04 +03:00
2 changed files with 20 additions and 9 deletions

View File

@@ -1,22 +1,33 @@
# TFM aInventory - Caddy Patched IP Configuration
# Version 1.9.12 - Secure Seal & IP Stability
# Version 1.9.15 - The Dynamic Shield (On-Demand TLS)
{
admin off
debug
# Global TLS options for self-signed certificates
local_certs
local_certs
skip_install_trust
# Configure on-demand TLS for private network IPs
on_demand_tls {
# Using a dummy check or local health endpoint to allow any IP in private range
# For simplicity in this env, we use the frontend's existence as the check
ask http://frontend:3000/api/health
}
}
# Dynamic SSL Proxy (Matches ANY IP or hostname)
https://{$SERVER_IP:192.168.84.113}:443 {
tls internal {
https:// {
tls internal {
on_demand
}
# Route based on the port (Caddy handles multiple listeners in this catch-all)
# But since we have specific container ports, we'll split them for clarity
# to avoid port collision in the catch-all.
reverse_proxy frontend:3000
header {
header {
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
X-XSS-Protection "1; mode=block"
X-Content-Type-Options "nosniff"
@@ -26,8 +37,8 @@ https://{$SERVER_IP:192.168.84.113}:443 {
}
# Specific port listener for backend (8918 -> 444)
https://{$SERVER_IP:192.168.84.113}:444 {
tls internal {
https://:444 {
tls internal {
on_demand
}
reverse_proxy backend:8000

View File

@@ -1 +1 @@
{"version": "1.9.11", "last_build": "2026-04-13-2215", "codename": "Convergence", "commit": "9d7e4f0c"}
{"version": "1.9.14", "last_build": "2026-04-13-2237", "codename": "ProtocolLock", "commit": "94f1a515"}