From 57fbce27f6c64a2afcb371b2a8e0cbf0cbda52e1 Mon Sep 17 00:00:00 2001
From: Andreas Knuth
Date: Thu, 11 Sep 2025 12:56:27 -0500
Subject: [PATCH] caddy with replace/response
---
caddy/Caddyfile | 30 ++++++++++++++++++++++--------
caddy/Dockerfile.caddy | 10 ++++++++++
caddy/docker-compose.yml | 8 +++++---
3 files changed, 37 insertions(+), 11 deletions(-)
create mode 100644 caddy/Dockerfile.caddy
diff --git a/caddy/Caddyfile b/caddy/Caddyfile
index 28bc0ba..0b51918 100644
--- a/caddy/Caddyfile
+++ b/caddy/Caddyfile
@@ -104,26 +104,40 @@ gregknoppcpa.bayarea-cc.com { iitwelders.bayarea-cc.com { encode zstd gzip + # Reverse-Proxy auf das geogeblockte Ziel reverse_proxy https://iitwelders.com { - # Wichtig: als Host explizit die Apex-Domain setzen, - # damit der Upstream NICHT auf iitwelders.com umleitet. + # Origin-Host/SNI korrekt setzen, damit kein Redirect mehr zurück kommt header_up Host iitwelders.com - - # Übliche Forwarded-Header header_up X-Forwarded-Host {host} header_up X-Forwarded-Proto {scheme} header_up X-Forwarded-For {remote_host} + header_up Accept-Encoding identity - # TLS SNI passend zum Upstream-Host transport http { tls_server_name iitwelders.com } - # Falls der Upstream Probleme mit komprimierten Requests hat: - header_up Accept-Encoding identity + # Falls der Origin doch mal absolute Redirects schickt: + # Location-Header auf Proxy-Domain mappen (einfacher Standardfall) + header_down Location https://iitwelders.bayarea-cc.com{uri} } - # Optional: einfache Health-Route + # --- Body-Rewriting: harte Links im HTML/CSS/JS umbiegen --- + # HTML + @html header Content-Type text/html* + replace_response @html { + s "https://iitwelders.com" "https://iitwelders.bayarea-cc.com" + s "//iitwelders.com" "//iitwelders.bayarea-cc.com" + } + + # CSS/JS/JSON (falls dort absolute URLs vorkommen) + @assets header Content-Type text/css* text/javascript* application/javascript* application/json* + replace_response @assets { + s "https://iitwelders.com" "https://iitwelders.bayarea-cc.com" + s "//iitwelders.com" "//iitwelders.bayarea-cc.com" + } + + # Healthcheck (optional) @health path /_health respond @health "ok" 200 } diff --git a/caddy/Dockerfile.caddy b/caddy/Dockerfile.caddy new file mode 100644 index 0000000..db434d6 --- /dev/null +++ b/caddy/Dockerfile.caddy 
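Review bot: The `@html` and `@assets` matchers test the request's `Content-Type`, not the upstream response's, because named matchers in a Caddyfile are evaluated against the incoming request; an ordinary GET carries no `Content-Type`, so neither `replace_response` block would run for normal page loads. The content-type test needs to be applied to the response, through whatever response-matching option the replace-response plugin version in use provides, and the directive name, the `s` prefix and the required `order` global option should be checked against the plugin's README, since none of that is visible in this hunk. Separately, `header_down Location https://iitwelders.bayarea-cc.com{uri}` overwrites the header with the current request URI rather than mapping the upstream's target, so an upstream redirect to another path would point back at the same URL; the search-and-replace form, e.g. `header_down Location "^https://iitwelders\.com" "https://iitwelders.bayarea-cc.com"`, keeps the path the origin sent.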
@@ -0,0 +1,10 @@ +# Caddy mit Cloudflare-DNS + replace-response bauen +FROM caddy:2.8-builder AS builder +RUN xcaddy build \ + --with github.com/caddy-dns/cloudflare \ + --with github.com/caddyserver/replace-response + +FROM caddy:2.8 +COPY --from=builder /usr/bin/caddy /usr/bin/caddy +# (optional) Ort für Logs +RUN mkdir -p /var/log/caddy diff --git a/caddy/docker-compose.yml b/caddy/docker-compose.yml index b4d68e3..f927909 100644 --- a/caddy/docker-compose.yml +++ b/caddy/docker-compose.yml @@ -1,7 +1,9 @@ services: caddy: container_name: caddy - image: iarekylew00t/caddy-cloudflare:latest + build: + context: . + dockerfile: Dockerfile.caddy restart: unless-stopped ports: - "80:80" @@ -24,8 +26,8 @@ services: - /home/aknuth/git/bay-area-affiliates/dist/bay-area-affiliates/browser:/app - /home/aknuth/log/caddy:/var/log/caddy environment: - - CLOUDFLARE_API_TOKEN=q1P7J3uqS96FGj_iiX2mI8y1ulTaIFrTp8tyTXhG - - CLOUDFLARE_EMAIL=andreas.knuth@gmail.com + - CLOUDFLARE_API_TOKEN=${CLOUDFLARE_API_TOKEN} + - CLOUDFLARE_EMAIL=${CLOUDFLARE_EMAIL} networks: bizmatch:
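Review bot: Both `--with` plugin references and the `caddy:2.8` / `caddy:2.8-builder` base tags are unpinned, so each rebuild can pull different plugin code into a binary that terminates TLS and is handed the Cloudflare API token through its environment. Pin each module to a reviewed release, e.g. `--with github.com/caddy-dns/cloudflare@<PINNED_VERSION>` and `--with github.com/caddyserver/replace-response@<PINNED_VERSION>`, and consider pinning the base images by digest. A short comment above the `xcaddy build` line recording why each plugin is needed would also help later reviews.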
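Review bot: The Cloudflare API token on the removed line in the second docker-compose.yml hunk stays readable in the repository history and in this patch, so replacing it with `${CLOUDFLARE_API_TOKEN}` does not make it safe; it should be revoked and reissued, ideally scoped to DNS edits for the zones Caddy manages. With plain `${VAR}` substitution Compose falls back to an empty string when the variable is unset, which would only surface later as failed DNS challenges; `- CLOUDFLARE_API_TOKEN=${CLOUDFLARE_API_TOKEN:?CLOUDFLARE_API_TOKEN is not set}` fails at startup instead. If the values come from a `.env` file next to the compose file, that file should be listed in `.gitignore`; no such change is visible in this commit.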