mirror of
https://github.com/recklessop/zroc.git
synced 2026-07-03 05:23:13 -04:00
a22ed8778a
auto_https off disabled TLS entirely, causing Caddy to serve plain HTTP on port 443 which produced SSL_ERROR_RX_RECORD_TOO_LONG errors in browsers. Removing it lets tls internal work correctly with Caddy's self-signed certificates. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
47 lines
1023 B
Caddyfile
# Global options block: settings that apply to the whole Caddy instance.
{
	# Disable the admin API endpoint. Nothing can then change the running
	# config over that endpoint; config changes need a restart of the process.
	admin off

	# Emit logs as JSON so a log pipeline can parse them without custom patterns.
	log {
		format json
	}
}
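# HTTPS listener: terminates TLS, then routes each request to authentik
# (login and outpost paths) or to the zroc-ui backend (everything else).
:443 {
	# Certificates are issued by Caddy's built-in local CA, so clients see
	# certificate warnings until they trust that CA's root.
	# NOTE(review): this site address carries no hostname, so Caddy has no name
	# to issue a certificate for ahead of time. Confirm clients really receive
	# a certificate, or give the site an explicit hostname.
	tls internal

	# authentik web/API paths.
	handle /auth/* {
		reverse_proxy authentik-server:9000 {
			# Pin the forwarded scheme and client address to what Caddy itself
			# observed, so the upstream never acts on client-supplied values.
			header_up X-Forwarded-Proto https
			header_up X-Forwarded-For {remote_host}
		}
	}

	# authentik outpost endpoints.
	# NOTE(review): unlike the other two routes, X-Forwarded-For is not set
	# explicitly here. Recent Caddy 2 releases add it by default; confirm for
	# the deployed version.
	handle /outpost.goauthentik.io/* {
		reverse_proxy authentik-server:9000 {
			header_up X-Forwarded-Proto https
		}
	}

	# Fallback: every other path goes to the UI backend.
	handle {
		reverse_proxy zroc-ui:3001 {
			header_up X-Forwarded-Proto https
			header_up X-Forwarded-For {remote_host}
			header_up X-Real-IP {remote_host}

			# Active health check: poll /api/health every 15 seconds.
			health_uri /api/health
			health_interval 15s
		}
	}

	# Security response headers for this site.
	# NOTE(review): no Content-Security-Policy is set here; check whether the
	# upstream applications send their own.
	header {
		# Allow framing only by pages of the same origin (clickjacking defence).
		X-Frame-Options "SAMEORIGIN"
		# Stop browsers from guessing content types.
		X-Content-Type-Options "nosniff"
		# Was "1; mode=block". The legacy XSS auditor has been removed from
		# current browsers and could itself be abused in the old ones that had
		# it; "0" switches it off explicitly, as current hardening guidance
		# recommends.
		X-XSS-Protection "0"
		Referrer-Policy "strict-origin-when-cross-origin"
		# HSTS for one year. Browsers honour it only on connections without
		# certificate errors, so it takes effect once the client trusts the CA.
		# includeSubDomains also forces HTTPS for every subdomain of the
		# serving host.
		Strict-Transport-Security "max-age=31536000; includeSubDomains"
		# Remove the Server header so the response does not advertise the
		# server software.
		-Server
	}
}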
# Plain-HTTP listener: serves no content, only sends clients to HTTPS.
:80 {
	# Permanent redirect to the same host and URI over https.
	# {host} comes from the request's Host header and this site matches any
	# host, so the redirect target reflects whatever the client sent.
	# NOTE(review): if the deployment has one known hostname, consider using it
	# here instead.
	redir https://{host}{uri} permanent
}