mirror of https://github.com/xwiki-labs/cryptpad
Caddyfile: More reverse proxying
This commit is contained in:
parent
538c4ba924
commit
0df91771d5
|
@ -8,6 +8,12 @@
|
|||
# installation (http server by the Nodejs process). If you are using CryptPad
|
||||
# in production and require professional support please contact sales@cryptpad.fr
|
||||
|
||||
@trustedProxies {
|
||||
# Force Caddy to accept `X-Forwarded-For` and other origin headers.
|
||||
# Modify the line below if you want to restrict the scope of direct downstream sending these headers.
|
||||
trusted_proxies 0.0.0.0/0 ::/0
|
||||
}
|
||||
|
||||
# Caddy does not have variables for server names, so domains need to be hardcoded.
|
||||
# You can bulk replace "your-main-domain.com" and "your-sandbox-domain.com" safely.
|
||||
your-main-domain.com:443,
|
||||
|
@ -138,9 +144,41 @@ your-sandbox-domain.com:443 {
|
|||
|
||||
# Caddy supports WebSockets directly. No additional headers are needed.
|
||||
|
||||
# Force Caddy to accept `X-Forwarded-For` and other origin headers.
|
||||
# Modify the line below if you want to restrict the scope of direct downstream sending these headers.
|
||||
trusted_proxies 0.0.0.0/0 ::/0
|
||||
import trustedProxies
|
||||
}
|
||||
}
|
||||
|
||||
handle_path /customize.dist/* {
|
||||
# This is needed in order to prevent infinite recursion between /customize/ and the root.
|
||||
}
|
||||
|
||||
# Try to load customizeable content via /customize/ and fall back to the default content located
|
||||
# at /customize.dist/ .
|
||||
# This is what allows you to override behaviour.
|
||||
handle_path /customize/* {
|
||||
try_files /customize/{path} /customize.dist/{path}
|
||||
file_server {
|
||||
index index.html index.htm default.html default.htm
|
||||
}
|
||||
}
|
||||
|
||||
# /api/config is loaded once per page load, and is used to retrieve the caching variable,
|
||||
# which is applied to every other resource loaded during that session.
|
||||
@sharedReverseProxy {
|
||||
path /api/*
|
||||
path /extensions.js
|
||||
}
|
||||
handle @sharedReverseProxy {
|
||||
reverse_proxy * {
|
||||
to 127.0.0.1:3000
|
||||
header_up Host "{host}"
|
||||
header_up X-Real-IP "{remote_host}"
|
||||
|
||||
# These settings prevent both Caddy and the API server from setting duplicate headers.
|
||||
header_down Cross-Origin-Resource-Policy cross-origin
|
||||
header_down Cross-Origin-Embedder-Policy require-corp
|
||||
|
||||
import trustedProxies
|
||||
}
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue