hedgedoc/dev-reverse-proxy/Caddyfile

#
# SPDX-FileCopyrightText: 2024 The HedgeDoc developers (see AUTHORS file)
#
# SPDX-License-Identifier: AGPL-3.0-only
#

# Allow private ranges as proxies, for example when running Caddy behind another reverse proxy
# Otherwise Caddy strips the required X-Forwarded-Proto and X-Forwarded-Host headers
# This is a common scenario when exposing a local dev setup to someone else
{
    servers {
        trusted_proxies static private_ranges
    }
}

# Use port 8080 by default, but allow overriding using CADDY_HOST env variable
{$CADDY_HOST::8080} {

    log {
	    output stdout
        level WARN
	    format console
    }

    reverse_proxy /realtime http://localhost:{$HD_BACKEND_PORT:3000}
    reverse_proxy /api/* http://localhost:{$HD_BACKEND_PORT:3000}
    reverse_proxy /public/* http://localhost:{$HD_BACKEND_PORT:3000}
    reverse_proxy /uploads/* http://localhost:{$HD_BACKEND_PORT:3000}
    reverse_proxy /media/* http://localhost:{$HD_BACKEND_PORT:3000}
    reverse_proxy /* http://localhost:{$HD_FRONTEND_PORT:3001}
}
Add basic realtime communication (#2118) Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de> 2022-06-18 12:40:28 -04:00			`#`
enhancement(caddy): expose :8080 by default, trust private proxies This commit changes the caddyfile to not directly rely on the HD_BASE_URL environment variable, but instead default to port 8080 as used in our package.json scripts and docs. The caddy domain can optionally be overridden using the CADDY_HOST env variable. Furthermore, this change adds a section to trust reverse-proxies in front of Caddy if they are in a private range IP address network. Both these changes are required to be able to expose a local development setup with another domain than localhost to a co-developer. With this change it works without having Caddy trying to generate TLS certificates for that domain nor HedgeDoc erroring about a origin mismatch, that occurs as Caddy doesn't forward specific headers otherwise. Signed-off-by: Erik Michelson <github@erik.michelson.eu> 2024-09-13 09:36:09 -04:00			`# SPDX-FileCopyrightText: 2024 The HedgeDoc developers (see AUTHORS file)`
Add basic realtime communication (#2118) Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de> 2022-06-18 12:40:28 -04:00			`#`
			`# SPDX-License-Identifier: AGPL-3.0-only`
			`#`

enhancement(caddy): expose :8080 by default, trust private proxies This commit changes the caddyfile to not directly rely on the HD_BASE_URL environment variable, but instead default to port 8080 as used in our package.json scripts and docs. The caddy domain can optionally be overridden using the CADDY_HOST env variable. Furthermore, this change adds a section to trust reverse-proxies in front of Caddy if they are in a private range IP address network. Both these changes are required to be able to expose a local development setup with another domain than localhost to a co-developer. With this change it works without having Caddy trying to generate TLS certificates for that domain nor HedgeDoc erroring about a origin mismatch, that occurs as Caddy doesn't forward specific headers otherwise. Signed-off-by: Erik Michelson <github@erik.michelson.eu> 2024-09-13 09:36:09 -04:00			`# Allow private ranges as proxies, for example when running Caddy behind another reverse proxy`
			`# Otherwise Caddy strips the required X-Forwarded-Proto and X-Forwarded-Host headers`
			`# This is a common scenario when exposing a local dev setup to someone else`
			`{`
			`servers {`
			`trusted_proxies static private_ranges`
			`}`
Add basic realtime communication (#2118) Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de> 2022-06-18 12:40:28 -04:00			`}`

enhancement(caddy): expose :8080 by default, trust private proxies This commit changes the caddyfile to not directly rely on the HD_BASE_URL environment variable, but instead default to port 8080 as used in our package.json scripts and docs. The caddy domain can optionally be overridden using the CADDY_HOST env variable. Furthermore, this change adds a section to trust reverse-proxies in front of Caddy if they are in a private range IP address network. Both these changes are required to be able to expose a local development setup with another domain than localhost to a co-developer. With this change it works without having Caddy trying to generate TLS certificates for that domain nor HedgeDoc erroring about a origin mismatch, that occurs as Caddy doesn't forward specific headers otherwise. Signed-off-by: Erik Michelson <github@erik.michelson.eu> 2024-09-13 09:36:09 -04:00			`# Use port 8080 by default, but allow overriding using CADDY_HOST env variable`
			`{$CADDY_HOST::8080} {`

			`log {`
			`output stdout`
			`level WARN`
			`format console`
			`}`

			`reverse_proxy /realtime http://localhost:{$HD_BACKEND_PORT:3000}`
			`reverse_proxy /api/* http://localhost:{$HD_BACKEND_PORT:3000}`
			`reverse_proxy /public/* http://localhost:{$HD_BACKEND_PORT:3000}`
			`reverse_proxy /uploads/* http://localhost:{$HD_BACKEND_PORT:3000}`
			`reverse_proxy /media/* http://localhost:{$HD_BACKEND_PORT:3000}`
			`reverse_proxy /* http://localhost:{$HD_FRONTEND_PORT:3001}`
			`}`