capitalism-eats-the-world/CADDY.md

# Caddy Server Configuration

This project uses Caddy as a reverse proxy to handle SSL termination with Let's Encrypt and WebSocket support for the domain `markov.elpatron.me`.

## Configuration

The Caddy configuration is defined in the [Caddyfile](Caddyfile) and includes:

1. Automatic SSL certificate management with Let's Encrypt
2. Reverse proxy to the Flask application
3. Proper WebSocket support for real-time updates
4. Simplified configuration with automatic header forwarding

## Setup Instructions

1. Update the email address in the [Caddyfile](Caddyfile) to your actual email for Let's Encrypt notifications:
   ```
   markov.elpatron.me {
       tls your-email@example.com
       # ... rest of configuration
   }
   ```

2. Ensure your DNS is properly configured to point `markov.elpatron.me` to your server's IP address.

3. Start the services with Docker Compose:
   ```bash
   docker-compose up -d
   ```

## How It Works

- Caddy automatically obtains and renews SSL certificates from Let's Encrypt
- All HTTP traffic is automatically redirected to HTTPS
- WebSocket connections are properly handled and forwarded to the Flask-SocketIO application
- Caddy automatically forwards standard proxy headers to preserve client IP and protocol information

## WebSocket Support

The configuration includes specific handling for WebSocket upgrade requests to ensure real-time features work correctly:

```
@websockets {
    header Connection *Upgrade*
    header Upgrade websocket
}
```

This ensures that SocketIO connections can be established and maintained properly through the proxy.

## Configuration Optimization

The Caddyfile has been optimized to:
- Remove unnecessary header forwarding directives (Caddy automatically forwards standard headers)
- Maintain clear separation between general reverse proxy rules and WebSocket-specific rules
- Keep the configuration simple and maintainable