Complete feature parity with Docker deployment: - Caddy reverse proxy manages SSL/TLS - Ports: 8916/8917 (HTTP), 8918/8919 (HTTPS) - Self-signed certificates (development-friendly) - Automatic certificate generation via on-demand TLS - Security headers (HSTS, XSS Protection, etc.) Changes: - Created Caddyfile.standalone for localhost config - Enhanced start_servers.py with Caddy startup/monitoring - Auto-install Caddy via apt if not present - Updated status output to show both HTTP and HTTPS URLs - All three services (backend, frontend, caddy) in one launcher Both Docker and Standalone modes now have IDENTICAL capabilities: - Full production-ready SSL/TLS support - Reverse proxy with auto-certificate management - HTTPS-only capable Resolves dual-deployment equivalence requirement
41 lines
889 B
Caddyfile
41 lines
889 B
Caddyfile
# TFM aInventory - Standalone Caddy Configuration
|
|
# Self-signed SSL/TLS reverse proxy for localhost deployment
|
|
{
|
|
admin off
|
|
local_certs
|
|
skip_install_trust
|
|
|
|
on_demand_tls {
|
|
ask http://localhost:8916/
|
|
}
|
|
}
|
|
|
|
# HTTPS Frontend (port 8919 -> 443)
|
|
https://localhost:8919 {
|
|
tls internal {
|
|
on_demand
|
|
}
|
|
reverse_proxy localhost:8917
|
|
|
|
header {
|
|
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
|
X-XSS-Protection "1; mode=block"
|
|
X-Content-Type-Options "nosniff"
|
|
X-Frame-Options "SAMEORIGIN"
|
|
Referrer-Policy "strict-origin-when-cross-origin"
|
|
}
|
|
}
|
|
|
|
# HTTPS Backend (port 8918 -> 444)
|
|
https://localhost:8918 {
|
|
tls internal {
|
|
on_demand
|
|
}
|
|
reverse_proxy localhost:8916
|
|
|
|
header {
|
|
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
|
}
|
|
}
|