Changed from localhost-specific to wildcard listening: - https://:8918 (any IP on port 8918) → backend - https://:8919 (any IP on port 8919) → frontend On-demand TLS generates certificates for any accessing IP/hostname Self-signed certs now work via: - localhost - 127.0.0.1 - 192.168.x.x (or any IP on network) - Any hostname Tested and verified working via 192.168.84.131:8919
41 lines
926 B
Caddyfile
41 lines
926 B
Caddyfile
# TFM aInventory - Standalone Caddy Configuration
|
|
# Self-signed SSL/TLS reverse proxy for any IP/hostname
|
|
{
|
|
admin off
|
|
local_certs
|
|
skip_install_trust
|
|
|
|
on_demand_tls {
|
|
ask http://localhost:8916/
|
|
}
|
|
}
|
|
|
|
# Dynamic HTTPS Frontend (port 8919) - Matches ANY IP or hostname
|
|
https://:8919 {
|
|
tls internal {
|
|
on_demand
|
|
}
|
|
reverse_proxy localhost:8917
|
|
|
|
header {
|
|
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
|
X-XSS-Protection "1; mode=block"
|
|
X-Content-Type-Options "nosniff"
|
|
X-Frame-Options "SAMEORIGIN"
|
|
Referrer-Policy "strict-origin-when-cross-origin"
|
|
}
|
|
}
|
|
|
|
# Dynamic HTTPS Backend (port 8918) - Matches ANY IP or hostname
|
|
https://:8918 {
|
|
tls internal {
|
|
on_demand
|
|
}
|
|
reverse_proxy localhost:8916
|
|
|
|
header {
|
|
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
|
}
|
|
}
|