docs(server): Caddyfile template with TLS + WSS reverse-proxy

2026-04-22 08:41:18 +02:00 · 2026-04-22 08:41:18 +02:00 · 585fbd0623
commit 585fbd0623
parent b44ab86fdb
1 changed files with 37 additions and 0 deletions
--- a/server/docs/Caddyfile.example
+++ b/server/docs/Caddyfile.example
@ -0,0 +1,37 @@
+# /etc/caddy/Caddyfile — Proxmox Monitor reverse-proxy
+#
+# Replace monitor.example.com with your actual hostname.
+# Caddy handles Let's Encrypt automatically when the domain's A record
+# points at this host.
+
+monitor.example.com {
+    # Security headers
+    header {
+        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+        X-Content-Type-Options "nosniff"
+        X-Frame-Options "DENY"
+        Referrer-Policy "strict-origin-when-cross-origin"
+        -Server
+    }
+
+    # The Phoenix endpoint handles both HTTP requests and WebSocket upgrades
+    # on the same port; Caddy's reverse_proxy transparently upgrades /socket.
+    reverse_proxy 127.0.0.1:4000 {
+        header_up X-Forwarded-Proto {scheme}
+        header_up X-Forwarded-For {remote_host}
+        # Keep WebSocket connections open long enough for the Phoenix heartbeat
+        # cycle (30s by default).
+        transport http {
+            read_timeout 90s
+            dial_timeout 10s
+        }
+    }
+
+    # Basic access log
+    log {
+        output file /var/log/caddy/monitor.log {
+            roll_size 10mb
+            roll_keep 5
+        }
+    }
+}