35 lines
894 B
Caddyfile
35 lines
894 B
Caddyfile
# TFM aInventory - Caddy Patched IP Configuration
|
|
# Version 1.9.14 - Protocol Lock & Debug Mode
|
|
{
|
|
admin off
|
|
# Enable debug logging for SSL handshake diagnostics
|
|
debug
|
|
|
|
# Trust local CA for internal certificate issuance
|
|
local_certs
|
|
# Avoid errors if the user isn't root (though inside Docker we usually are)
|
|
skip_install_trust
|
|
}
|
|
|
|
# Explicit Frontend SSL Proxy (8919 -> 443)
|
|
https://:443 {
|
|
tls internal
|
|
reverse_proxy frontend:3000
|
|
|
|
# Security Headers for PWA
|
|
header {
|
|
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
|
X-XSS-Protection "1; mode=block"
|
|
X-Content-Type-Options "nosniff"
|
|
X-Frame-Options "SAMEORIGIN"
|
|
Referrer-Policy "strict-origin-when-cross-origin"
|
|
}
|
|
}
|
|
|
|
# Explicit Backend SSL Proxy (8918 -> 444)
|
|
https://:444 {
|
|
tls internal
|
|
reverse_proxy backend:8000
|
|
}
|