meldestelle/config/docker/caddy/web-app/Caddyfile

{
# Global Options
# Enable Prometheus metrics
  servers {
            metrics
          }
}

:4000 {
# Root directory for static files
  root * /usr/share/caddy

# Access Logs (JSON format for Docker)
  log {
        output stdout
        format json
      }

# Enable Gzip/Zstd compression
  encode gzip zstd

# Templates for runtime configuration (config.json)
  templates {
              mime application/json
            }

# Cache Control for static assets (immutable)
  @static {
            file
            path *.js *.css *.png *.jpg *.svg *.wasm
          }
  header @static Cache-Control "public, max-age=31536000, immutable"

# Security Headers (Future Proofing for Wasm)
  header {
         # Cross-Origin Isolation for SharedArrayBuffer (required for some Wasm features)
           Cross-Origin-Opener-Policy "same-origin"
           Cross-Origin-Embedder-Policy "require-corp"

         # Standard Security Headers
           X-Content-Type-Options "nosniff"
           X-Frame-Options "DENY"
           Referrer-Policy "strict-origin-when-cross-origin"
           Permissions-Policy "camera=(), microphone=(), geolocation=()"
         }

# --- ROUTING LOGIC ---

# 1. API Proxy (Priority 1)
  handle /api/* {
                  reverse_proxy api-gateway:8081 {
                                                   header_up Host {upstream_hostport}
                                                 }
                }

# 2. Health Check
  handle /health {
                   respond "healthy" 200
                 }

# 3. Static Files & SPA Fallback (Priority 2)
  handle {
         # Serve static files if they exist
           file_server

         # SPA Routing: Fallback to index.html for non-existent files
           try_files {path} /index.html
         }
}