# TFM aInventory - Caddy Patched IP Configuration # Version 1.9.17 - The Dynamic Shield (Production Polish) { admin off # Global TLS options for self-signed certificates local_certs skip_install_trust # Configure on-demand TLS for private network IPs on_demand_tls { # Pointing to the backend root which returns 200 OK # This allows Caddy to generate internal certs for any IP/domain. ask http://backend:8000/ } } # Dynamic SSL Proxy (Matches ANY IP or hostname) https:// { tls internal { on_demand } reverse_proxy frontend:3000 header { Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" X-XSS-Protection "1; mode=block" X-Content-Type-Options "nosniff" X-Frame-Options "SAMEORIGIN" Referrer-Policy "strict-origin-when-cross-origin" } } # Specific port listener for backend (8918 -> 444) https://:444 { tls internal { on_demand } reverse_proxy backend:8000 }