# TFM aInventory - Standalone Caddy Configuration # Self-signed SSL/TLS reverse proxy for any IP/hostname { admin off local_certs skip_install_trust on_demand_tls { ask http://localhost:8916/ } } # Dynamic HTTPS Frontend (port 8919) - Matches ANY IP or hostname https://:8919 { tls internal { on_demand } reverse_proxy localhost:8917 { header_up X-Forwarded-For {remote_host} header_up X-Forwarded-Proto https header_up X-Forwarded-Host {host} } header { Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" X-XSS-Protection "1; mode=block" X-Frame-Options "SAMEORIGIN" Referrer-Policy "strict-origin-when-cross-origin" } } # Dynamic HTTPS Backend (port 8918) - Matches ANY IP or hostname https://:8918 { tls internal { on_demand } reverse_proxy localhost:8916 { header_up X-Forwarded-For {remote_host} header_up X-Forwarded-Proto https header_up X-Forwarded-Host {host} } header { Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" } }