zroc/caddy/Caddyfile
Justin 450f50ddf4 fix: close OVA build gaps — 24.04, overlay copy, full compose stack
- Replace ubuntu-26.04 (unreleased) with ubuntu-24.04 LTS throughout
- Add file provisioner to Packer HCL to copy overlays/ into VM before
  provisioning (fixes missing zroc-setup binary in 03-setup-wizard.sh)
- Rebuild root docker-compose.yaml: full stack with env vars — Caddy,
  zroc-ui, Authentik (server + worker + postgres + redis), Prometheus,
  Grafana, Zerto exporter, Watchtower; no hardcoded credentials
- Add caddy/Caddyfile to repo root for reverse proxy / TLS
- Update 02-zroc.sh to pre-pull all service images during OVA build
- Update GitHub Actions workflow to reference ubuntu-2404.pkr.hcl

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-12 20:39:36 -04:00

48 lines
1.0 KiB
Caddyfile

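# Global options
{
	# Disable the admin API endpoint
	admin off
	# Turn off automatic HTTPS (certificate automation and HTTP->HTTPS redirects)
	auto_https off
	# Structured JSON logs
	log {
		format json
	}
}

# HTTPS listener
:443 {
	# Use Caddy's internal, locally trusted CA for this site's certificate
	tls internal

	# Authentik endpoints
	handle /auth/* {
		reverse_proxy authentik-server:9000 {
			header_up X-Forwarded-Proto https
			header_up X-Forwarded-For {remote_host}
		}
	}

	# Authentik outpost endpoints
	handle /outpost.goauthentik.io/* {
		reverse_proxy authentik-server:9000 {
			header_up X-Forwarded-Proto https
		}
	}

	# Everything else goes to the zroc UI, with active health checks
	handle {
		reverse_proxy zroc-ui:3001 {
			header_up X-Forwarded-Proto https
			header_up X-Forwarded-For {remote_host}
			header_up X-Real-IP {remote_host}
			health_uri /api/health
			health_interval 15s
		}
	}

	# Security headers on every response; "-Server" removes the Server header
	header {
		X-Frame-Options "SAMEORIGIN"
		X-Content-Type-Options "nosniff"
		X-XSS-Protection "1; mode=block"
		Referrer-Policy "strict-origin-when-cross-origin"
		Strict-Transport-Security "max-age=31536000; includeSubDomains"
		-Server
	}
}

# Plain HTTP: permanent redirect to HTTPS
:80 {
	redir https://{host}{uri} permanent
}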