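# Caddy v2 Configuration for AstralisOne.com (Docker Deployment)
# Auto-HTTPS enabled via Let's Encrypt
# Server: 137.184.31.207
# Docker Network: astralis-network
#
# DIFFERENCE FROM STANDARD Caddyfile:
# - Uses Docker service names (app:3001, n8n:5678) instead of localhost

# =============================================================================
# Global Options
# =============================================================================
# A block with no site address is the global options block, and Caddy only
# accepts it as the FIRST block in the file (a key-less block anywhere else is
# rejected at config load). It therefore lives here, ahead of the site blocks.
{
	# Email for Let's Encrypt notifications
	email [email protected]

	# Admin API for Caddy management (localhost only for security)
	admin localhost:2019

	# ACME protocol settings (Let's Encrypt; this is also Caddy's default CA)
	acme_ca https://acme-v02.api.letsencrypt.org/directory

	# Automatic HTTPS is Caddy's default and needs no option to turn it on.
	# `auto_https` only accepts restricting values (off, disable_redirects,
	# disable_certs, ignore_loaded_certs, prefer_wildcard), so a previous
	# `auto_https on` line was removed: it is not a valid value.

	# Serve HTTP/1.1, HTTP/2 and HTTP/3.
	# `experimental_http3` was the pre-2.6 spelling and is not recognized by
	# current Caddy releases; `protocols` is the supported form.
	# NOTE(review): the Docker image tag is not visible here — pin it so this
	# option matches the Caddy version actually deployed.
	servers {
		protocols h1 h2 h3
	}
}

# =============================================================================
# Main Application - astralisone.com
# =============================================================================
astralisone.com, www.astralisone.com {
	# Automatic HTTPS via Let's Encrypt
	# Certificates stored in /data/caddy/certificates

	# Security headers
	header {
		# HSTS (6 months). The `preload` token was dropped: the HSTS preload
		# list requires max-age >= 31536000 (1 year), so at 6 months it did
		# nothing. Raise max-age and re-add `preload` only after every
		# subdomain is confirmed to serve HTTPS, since preloading is hard to
		# reverse.
		Strict-Transport-Security "max-age=15768000; includeSubDomains"
		# Legacy browser XSS auditor, explicitly disabled. "1; mode=block" is
		# deprecated and the auditor itself has been an information leak in
		# older browsers; "0" is the current recommendation.
		X-XSS-Protection "0"
		# Prevent MIME sniffing
		X-Content-Type-Options "nosniff"
		# Frame options (allow same origin for embedded content)
		X-Frame-Options "SAMEORIGIN"
		# Referrer policy
		Referrer-Policy "strict-origin-when-cross-origin"
		# NOTE(review): no Content-Security-Policy is set for the main app.
		# Once the Next.js script/style/image origins are known, add one
		# (start with Content-Security-Policy-Report-Only to avoid breakage).
		# Remove server identification
		-Server
	}

	# Request body size limit (50MB for document uploads)
	request_body {
		max_size 50MB
	}

	# Reverse proxy to Next.js app (Docker service name: app)
	reverse_proxy app:3001 {
		# Active health check
		health_uri /api/health
		health_interval 30s
		health_timeout 10s
		health_status 200

		# Client identity for the app. Caddy already passes Host through and
		# sets X-Forwarded-For/-Proto/-Host on its own; X-Real-IP is the only
		# header it does not add. They are kept explicit so the upstream
		# contract is visible in one place. Because incoming X-Forwarded-For is
		# not trusted here (no trusted_proxies), the client cannot spoof its IP.
		header_up Host {host}
		header_up X-Real-IP {remote_host}
		header_up X-Forwarded-For {remote_host}
		header_up X-Forwarded-Proto {scheme}
		header_up X-Forwarded-Host {host}

		# WebSocket support for Next.js HMR and SSR: Caddy's reverse_proxy
		# performs the Upgrade handshake natively. Connection and Upgrade are
		# hop-by-hop headers the proxy manages itself, so they are no longer
		# copied with header_up (the copies were redundant and could re-inject
		# a client's Connection value after Caddy had stripped it).

		# Timeouts for long-running operations
		transport http {
			# Long timeout for document processing, OCR, AI operations
			read_timeout 300s
			write_timeout 300s
			dial_timeout 30s
		}
	}

	# Access logging
	log {
		output file /var/log/caddy/astralisone.log {
			roll_size 100mb
			roll_keep 10
			roll_keep_for 720h
		}
		format json
		level INFO
	}

	# Error page customization (optional)
	# Only 5xx responses are replaced with a generic message so upstream error
	# details are not exposed to clients; other errors keep Caddy's default.
	handle_errors {
		@5xx expression `{http.error.status_code} >= 500 && {http.error.status_code} < 600`
		handle @5xx {
			respond "Service temporarily unavailable. Please try again later." 503
		}
	}
}

# =============================================================================
# n8n Automation Platform - automation.astralisone.com
# =============================================================================
automation.astralisone.com {
	# Automatic HTTPS via Let's Encrypt

	# Security headers (slightly different for n8n)
	header {
		# HSTS (6 months, no preload — see the main site block)
		Strict-Transport-Security "max-age=15768000; includeSubDomains"
		# Legacy browser XSS auditor, explicitly disabled (see main site block)
		X-XSS-Protection "0"
		# Prevent MIME sniffing
		X-Content-Type-Options "nosniff"
		# Framing for n8n is governed by the CSP frame-ancestors directive
		# below rather than X-Frame-Options, so any upstream X-Frame-Options
		# is dropped to avoid two conflicting framing policies.
		-X-Frame-Options
		# Referrer policy
		Referrer-Policy "strict-origin-when-cross-origin"
		# CSP for n8n. script/style allowances are broad ('unsafe-inline',
		# 'unsafe-eval', any https:) because the n8n editor needs them; the
		# effective protection here is frame-ancestors 'self', which permits
		# same-origin framing only (equivalent to X-Frame-Options SAMEORIGIN).
		# If a specific partner must embed n8n, list that origin explicitly
		# instead of loosening frame-ancestors to '*'.
		Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; frame-ancestors 'self'"
		# Remove server identification
		-Server
	}

	# Request body size limit (100MB for n8n workflow data)
	request_body {
		max_size 100MB
	}

	# Reverse proxy to n8n (Docker service name: n8n)
	reverse_proxy n8n:5678 {
		# Active health check
		health_uri /healthz
		health_interval 30s
		health_timeout 10s
		health_status 200

		# Client identity for n8n (see the main site block for why these are
		# explicit even though Caddy sets most of them by default)
		header_up Host {host}
		header_up X-Real-IP {remote_host}
		header_up X-Forwarded-For {remote_host}
		header_up X-Forwarded-Proto {scheme}
		header_up X-Forwarded-Host {host}

		# WebSocket support (CRITICAL for n8n editor and webhooks) is handled
		# natively by reverse_proxy; no manual Connection/Upgrade header_up.

		# Extended timeouts for long-running workflows
		transport http {
			# Very long timeout for n8n workflow executions
			read_timeout 600s
			write_timeout 600s
			dial_timeout 30s
			# Keep connections alive for webhooks
			keepalive 90s
			keepalive_idle_conns 10
		}
	}

	# Access logging
	log {
		output file /var/log/caddy/automation.log {
			roll_size 100mb
			roll_keep 10
			roll_keep_for 720h
		}
		format json
		level INFO
	}
}

# =============================================================================
# Optional: Redirect apex to www (if you prefer www)
# =============================================================================
# To redirect astralisone.com → www.astralisone.com, FIRST remove
# `astralisone.com` from the main site block's address list above, then
# uncomment the block below. With the apex listed in both blocks Caddy refuses
# the config as an ambiguous site definition.
# Currently both domains serve the same content.
#
# astralisone.com {
# 	redir https://www.astralisone.com{uri} permanent
# }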