ca40b1efb9
- Simplify TLS setup for hoerdle.de and hördle.de by using automatic HTTP-01 challenge - Remove wildcard certificate configuration and clarify usage for root-domains only - Enhance comments for better understanding of the configuration
122 lines
3.6 KiB
Caddyfile
122 lines
3.6 KiB
Caddyfile
# Caddy-Konfiguration für Hördle
|
|
# Root-Domains: hoerdle.de und hördle.de (xn--hrdle-jua.de)
|
|
# Hinweis: Diese Konfiguration funktioniert nur für Root-Domains, nicht für Subdomains
|
|
# Für Subdomains wären Wildcard-Zertifikate mit DNS-01 Challenge nötig
|
|
|
|
# Domain 1: hoerdle.de (ASCII)
|
|
hoerdle.de {
|
|
# TLS mit automatischer HTTP-01 Challenge (funktioniert nur für Root-Domain)
|
|
# Caddy verwendet automatisch Let's Encrypt
|
|
|
|
# Upload-Limit: 50MB (wie in nginx.conf.example)
|
|
request_body {
|
|
max_size 50MB
|
|
}
|
|
|
|
# Reverse Proxy zu hoerdle Container
|
|
reverse_proxy hoerdle:3010 {
|
|
# HTTP/1.1 für WebSocket Support
|
|
transport http {
|
|
versions 1.1
|
|
}
|
|
|
|
# Headers für Audio-Streaming (Range Requests)
|
|
header_up Range {http.request.header.Range}
|
|
header_up If-Range {http.request.header.If-Range}
|
|
|
|
# Kein Caching bei Range Requests
|
|
header_down Cache-Control "no-cache" {
|
|
when {http.request.header.Range}
|
|
}
|
|
|
|
# Timeouts für große Dateien (300s wie in nginx)
|
|
timeout 300s
|
|
|
|
# WebSocket Support
|
|
header_up Connection {>Connection}
|
|
header_up Upgrade {>Upgrade}
|
|
}
|
|
|
|
# Spezielle Behandlung für /uploads/ Route (Audio-Dateien)
|
|
handle /uploads/* {
|
|
reverse_proxy hoerdle:3010 {
|
|
# Range Requests für Audio-Streaming
|
|
header_up Range {http.request.header.Range}
|
|
header_up If-Range {http.request.header.If-Range}
|
|
|
|
# Buffering deaktivieren für große Dateien
|
|
# (Caddy hat kein explizites proxy_buffering, aber Timeouts setzen)
|
|
timeout 300s
|
|
|
|
# Kein Caching bei Range Requests
|
|
header_down Cache-Control "no-cache" {
|
|
when {http.request.header.Range}
|
|
}
|
|
}
|
|
}
|
|
|
|
# HTTP zu HTTPS Redirect
|
|
@http {
|
|
protocol http
|
|
}
|
|
redir @http https://{host}{uri} permanent
|
|
}
|
|
|
|
# Domain 2: hördle.de (Punycode: xn--hrdle-jua.de)
|
|
xn--hrdle-jua.de {
|
|
# TLS mit automatischer HTTP-01 Challenge (funktioniert nur für Root-Domain)
|
|
# Caddy verwendet automatisch Let's Encrypt
|
|
|
|
# Upload-Limit: 50MB
|
|
request_body {
|
|
max_size 50MB
|
|
}
|
|
|
|
# Reverse Proxy zu hoerdle Container
|
|
reverse_proxy hoerdle:3010 {
|
|
# HTTP/1.1 für WebSocket Support
|
|
transport http {
|
|
versions 1.1
|
|
}
|
|
|
|
# Headers für Audio-Streaming (Range Requests)
|
|
header_up Range {http.request.header.Range}
|
|
header_up If-Range {http.request.header.If-Range}
|
|
|
|
# Kein Caching bei Range Requests
|
|
header_down Cache-Control "no-cache" {
|
|
when {http.request.header.Range}
|
|
}
|
|
|
|
# Timeouts für große Dateien (300s)
|
|
timeout 300s
|
|
|
|
# WebSocket Support
|
|
header_up Connection {>Connection}
|
|
header_up Upgrade {>Upgrade}
|
|
}
|
|
|
|
# Spezielle Behandlung für /uploads/ Route (Audio-Dateien)
|
|
handle /uploads/* {
|
|
reverse_proxy hoerdle:3010 {
|
|
# Range Requests für Audio-Streaming
|
|
header_up Range {http.request.header.Range}
|
|
header_up If-Range {http.request.header.If-Range}
|
|
|
|
# Timeouts für große Dateien
|
|
timeout 300s
|
|
|
|
# Kein Caching bei Range Requests
|
|
header_down Cache-Control "no-cache" {
|
|
when {http.request.header.Range}
|
|
}
|
|
}
|
|
}
|
|
|
|
# HTTP zu HTTPS Redirect
|
|
@http {
|
|
protocol http
|
|
}
|
|
redir @http https://{host}{uri} permanent
|
|
}
|