From d80df95f43f480f6faddc6b702c3e145127bc665 Mon Sep 17 00:00:00 2001
From: Andreas Knuth <andreas.knuth@gmail.com>
Date: Thu, 11 Sep 2025 12:17:57 -0500
Subject: [PATCH] iitwelders as proxy

---
 caddy/Caddyfile | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)

diff --git a/caddy/Caddyfile b/caddy/Caddyfile
index 430d369..ce41dbb 100644
--- a/caddy/Caddyfile
+++ b/caddy/Caddyfile
@@ -101,6 +101,39 @@ gregknoppcpa.bayarea-cc.com {
     }
     encode gzip
 }
+iitwelders.bayarea-cc.com {
+  # Optional: Basis-Hardening
+  encode zstd gzip
+  header {
+    # Browser-ähnlicher Forward (optional)
+    -Server
+    X-Frame-Options "SAMEORIGIN"
+  }
+
+  # Falls die Zielseite nur www. spricht, nimm https://www.iitwelders.com
+  reverse_proxy https://www.iitwelders.com {
+    # Very important: Origin-Host durchreichen
+    header_up Host www.iitwelders.com
+    header_up X-Forwarded-Host {host}
+    header_up X-Forwarded-Proto {scheme}
+    header_up X-Forwarded-For {remote_host}
+
+    # Manchmal blocken Upstreams komische Encodings von Proxys
+    header_up Accept-Encoding identity
+
+    # SNI/ServerName für TLS Richtung Upstream
+    transport http {
+      tls_server_name www.iitwelders.com
+    }
+
+    # Optional: ein "normales" User-Agent setzen, falls der Upstream picky ist
+    header_up User-Agent {>User-Agent}
+  }
+
+  # Optional: Healthcheck-Route fürs Monitoring
+  @health path /_health
+  respond @health "ok" 200
+}
 www.fancytextstuff.com {
     redir https://fancytextstuff.com{uri} permanent
 }