docs(server): Caddyfile template with TLS + WSS reverse-proxy
This commit is contained in:
parent
b44ab86fdb
commit
585fbd0623
1 changed files with 37 additions and 0 deletions
37
server/docs/Caddyfile.example
Normal file
37
server/docs/Caddyfile.example
Normal file
|
|
@ -0,0 +1,37 @@
|
||||||
|
# /etc/caddy/Caddyfile — Proxmox Monitor reverse-proxy
|
||||||
|
#
|
||||||
|
# Replace monitor.example.com with your actual hostname.
|
||||||
|
# Caddy handles Let's Encrypt automatically when the domain's A record
|
||||||
|
# points at this host.
|
||||||
|
|
||||||
|
monitor.example.com {
|
||||||
|
# Security headers
|
||||||
|
header {
|
||||||
|
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
||||||
|
X-Content-Type-Options "nosniff"
|
||||||
|
X-Frame-Options "DENY"
|
||||||
|
Referrer-Policy "strict-origin-when-cross-origin"
|
||||||
|
-Server
|
||||||
|
}
|
||||||
|
|
||||||
|
# The Phoenix endpoint handles both HTTP requests and WebSocket upgrades
|
||||||
|
# on the same port; Caddy's reverse_proxy transparently upgrades /socket.
|
||||||
|
reverse_proxy 127.0.0.1:4000 {
|
||||||
|
header_up X-Forwarded-Proto {scheme}
|
||||||
|
header_up X-Forwarded-For {remote_host}
|
||||||
|
# Keep WebSocket connections open long enough for the Phoenix heartbeat
|
||||||
|
# cycle (30s by default).
|
||||||
|
transport http {
|
||||||
|
read_timeout 90s
|
||||||
|
dial_timeout 10s
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
# Basic access log
|
||||||
|
log {
|
||||||
|
output file /var/log/caddy/monitor.log {
|
||||||
|
roll_size 10mb
|
||||||
|
roll_keep 5
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
Loading…
Add table
Add a link
Reference in a new issue