caddy with replace/response

caddy/Caddyfile

@@ -104,26 +104,40 @@ gregknoppcpa.bayarea-cc.com {
 iitwelders.bayarea-cc.com {
   encode zstd gzip
 
+  # Reverse-Proxy auf das geogeblockte Ziel
   reverse_proxy https://iitwelders.com {
-    # Wichtig: als Host explizit die Apex-Domain setzen,
-    # damit der Upstream NICHT auf iitwelders.com umleitet.
+    # Origin-Host/SNI korrekt setzen, damit kein Redirect mehr zurück kommt
     header_up Host iitwelders.com
-
-    # Übliche Forwarded-Header
     header_up X-Forwarded-Host {host}
     header_up X-Forwarded-Proto {scheme}
     header_up X-Forwarded-For {remote_host}
+    header_up Accept-Encoding identity
 
-    # TLS SNI passend zum Upstream-Host
     transport http {
       tls_server_name iitwelders.com
     }
 
-    # Falls der Upstream Probleme mit komprimierten Requests hat:
-    header_up Accept-Encoding identity
+    # Falls der Origin doch mal absolute Redirects schickt:
+    # Location-Header auf Proxy-Domain mappen (einfacher Standardfall)
+    header_down Location https://iitwelders.bayarea-cc.com{uri}
   }
 
-  # Optional: einfache Health-Route
+  # --- Body-Rewriting: harte Links im HTML/CSS/JS umbiegen ---
+  # HTML
+  @html header Content-Type text/html*
+  replace_response @html {
+    s "https://iitwelders.com" "https://iitwelders.bayarea-cc.com"
+    s "//iitwelders.com" "//iitwelders.bayarea-cc.com"
+  }
+
+  # CSS/JS/JSON (falls dort absolute URLs vorkommen)
+  @assets header Content-Type text/css* text/javascript* application/javascript* application/json*
+  replace_response @assets {
+    s "https://iitwelders.com" "https://iitwelders.bayarea-cc.com"
+    s "//iitwelders.com" "//iitwelders.bayarea-cc.com"
+  }
+
+  # Healthcheck (optional)
   @health path /_health
   respond @health "ok" 200
 }

caddy/Dockerfile.caddy

@@ -0,0 +1,10 @@
+# Caddy mit Cloudflare-DNS + replace-response bauen
+FROM caddy:2.8-builder AS builder
+RUN xcaddy build \
+  --with github.com/caddy-dns/cloudflare \
+  --with github.com/caddyserver/replace-response
+
+FROM caddy:2.8
+COPY --from=builder /usr/bin/caddy /usr/bin/caddy
+# (optional) Ort für Logs
+RUN mkdir -p /var/log/caddy

caddy/docker-compose.yml

@@ -1,7 +1,9 @@
 services:
   caddy:
     container_name: caddy
-    image: iarekylew00t/caddy-cloudflare:latest
+    build:
+      context: .
+      dockerfile: Dockerfile.caddy
     restart: unless-stopped
     ports:
       - "80:80"
@@ -24,8 +26,8 @@ services:
       - /home/aknuth/git/bay-area-affiliates/dist/bay-area-affiliates/browser:/app
       - /home/aknuth/log/caddy:/var/log/caddy
     environment:
-      - CLOUDFLARE_API_TOKEN=q1P7J3uqS96FGj_iiX2mI8y1ulTaIFrTp8tyTXhG
-      - CLOUDFLARE_EMAIL=andreas.knuth@gmail.com
+      - CLOUDFLARE_API_TOKEN=${CLOUDFLARE_API_TOKEN}
+      - CLOUDFLARE_EMAIL=${CLOUDFLARE_EMAIL}
 
 networks:
   bizmatch: