Stefan Mogeritsch
4d10b971e5
All checks were successful
Build and Publish Docker Images / build-and-push (., backend/infrastructure/gateway/Dockerfile, api-gateway, api-gateway) (push) Successful in 7m21s
Build and Publish Docker Images / build-and-push (., backend/services/ping/Dockerfile, ping-service, ping-service) (push) Successful in 7m14s
Build and Publish Docker Images / build-and-push (., config/docker/caddy/web-app/Dockerfile, web-app, web-app) (push) Successful in 1m45s
Build and Publish Docker Images / build-and-push (., config/docker/keycloak/Dockerfile, keycloak, keycloak) (push) Successful in 1m48s
- Improved SPA fallback configuration in `Caddyfile` for better proxy compatibility. - Uploaded 2026-03-12 browser console error log to document HTTPS and mixed-content issues. Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
68 lines
1.8 KiB
Caddyfile
68 lines
1.8 KiB
Caddyfile
{
|
|
# Global Options
|
|
servers {
|
|
metrics
|
|
}
|
|
}
|
|
|
|
:4000 {
|
|
# Root directory for static files
|
|
root * /usr/share/caddy
|
|
|
|
# Access Logs (JSON format for Docker)
|
|
log {
|
|
output stdout
|
|
format json
|
|
}
|
|
|
|
# Enable Gzip/Zstd compression
|
|
encode gzip zstd
|
|
|
|
# Templates for runtime configuration (config.json)
|
|
templates {
|
|
mime application/json
|
|
}
|
|
|
|
# Cache Control for static assets (immutable)
|
|
@static {
|
|
file
|
|
path *.js *.css *.png *.jpg *.svg *.wasm
|
|
}
|
|
header @static Cache-Control "public, max-age=31536000, immutable"
|
|
|
|
# Security Headers (Future Proofing for Wasm)
|
|
header {
|
|
# Cross-Origin Isolation for SharedArrayBuffer (required for some Wasm features)
|
|
Cross-Origin-Opener-Policy "same-origin"
|
|
Cross-Origin-Embedder-Policy "require-corp"
|
|
|
|
# Standard Security Headers
|
|
X-Content-Type-Options "nosniff"
|
|
X-Frame-Options "DENY"
|
|
Referrer-Policy "strict-origin-when-cross-origin"
|
|
Permissions-Policy "camera=(), microphone=(), geolocation=()"
|
|
}
|
|
|
|
# --- ROUTING LOGIC ---
|
|
|
|
# 1. API Proxy (Priority 1)
|
|
handle /api/* {
|
|
reverse_proxy api-gateway:8081 {
|
|
header_up Host {upstream_hostport}
|
|
}
|
|
}
|
|
|
|
# 2. Health Check
|
|
handle /health {
|
|
respond "healthy" 200
|
|
}
|
|
|
|
# 3. Static Files & SPA Fallback (NEUE, ROBUSTERE KONFIGURATION)
|
|
# Serve static files directly.
|
|
# For any path that is NOT a file and NOT a directory, rewrite to /index.html.
|
|
# This is a more explicit SPA-fallback than try_files for some proxies.
|
|
@not_file `not file`
|
|
rewrite @not_file /index.html
|
|
file_server
|
|
}
|