Replace Nginx/Certbot with Caddy for automatic SSL

- Replaced nginx and certbot services with caddy in docker-compose-prod.yml - Added Caddyfile configuration with automatic SSL and security headers - Created setup-caddy.sh script for easy deployment - Caddy automatically handles Let's Encrypt certificates without manual setup - Much simpler SSL management compared to nginx/certbot combination
2025-10-01 23:34:43 +02:00
parent c28d4fc4ec
commit 8ffe459d50
3 changed files with 160 additions and 23 deletions
--- a/48
+++ b/48
@@ -0,0 +1,48 @@
+# Caddyfile für Stargirlnails Kiel
+# Automatisches SSL mit Let's Encrypt
+
+stargirlnails.de {
+    # Reverse Proxy zur Anwendung
+    reverse_proxy stargirlnails:3000 {
+        # Health Check
+        health_uri /health
+        health_interval 30s
+        health_timeout 5s
+    }
+
+    # Sicherheits-Header
+    header {
+        # Sicherheits-Header
+        X-Frame-Options "SAMEORIGIN"
+        X-Content-Type-Options "nosniff"
+        X-XSS-Protection "1; mode=block"
+        Referrer-Policy "strict-origin-when-cross-origin"
+        Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self';"
+        
+        # HSTS (wird automatisch von Caddy gesetzt)
+        Strict-Transport-Security "max-age=31536000; includeSubDomains"
+    }
+
+    # Rate Limiting
+    rate_limit {
+        zone static {
+            key {remote_host}
+            events 10
+            window 1m
+        }
+    }
+
+    # Gzip-Kompression
+    encode gzip
+
+    # Logging
+    log {
+        output file /var/log/caddy/access.log
+        format json
+    }
+}
+
+# HTTP zu HTTPS Redirect (automatisch von Caddy)
+http://stargirlnails.de {
+    redir https://stargirlnails.de{uri} permanent
+}