iitwelders as proxy

caddy/Caddyfile

@@ -101,6 +101,39 @@ gregknoppcpa.bayarea-cc.com {
     }
     encode gzip
 }
+iitwelders.bayarea-cc.com {
+  # Optional: Basis-Hardening
+  encode zstd gzip
+  header {
+    # Browser-ähnlicher Forward (optional)
+    -Server
+    X-Frame-Options "SAMEORIGIN"
+  }
+
+  # Falls die Zielseite nur www. spricht, nimm https://www.iitwelders.com
+  reverse_proxy https://www.iitwelders.com {
+    # Very important: Origin-Host durchreichen
+    header_up Host www.iitwelders.com
+    header_up X-Forwarded-Host {host}
+    header_up X-Forwarded-Proto {scheme}
+    header_up X-Forwarded-For {remote_host}
+
+    # Manchmal blocken Upstreams komische Encodings von Proxys
+    header_up Accept-Encoding identity
+
+    # SNI/ServerName für TLS Richtung Upstream
+    transport http {
+      tls_server_name www.iitwelders.com
+    }
+
+    # Optional: ein "normales" User-Agent setzen, falls der Upstream picky ist
+    header_up User-Agent {>User-Agent}
+  }
+
+  # Optional: Healthcheck-Route fürs Monitoring
+  @health path /_health
+  respond @health "ok" 200
+}
 www.fancytextstuff.com {
     redir https://fancytextstuff.com{uri} permanent
 }