docker/caddy/Caddyfile

{
    email {env.CLOUDFLARE_EMAIL}
    acme_dns cloudflare {env.CLOUDFLARE_API_TOKEN}
    acme_ca https://acme-v02.api.letsencrypt.org/directory
    debug
}
bizmatch.net {

}
www.bizmatch.net {

}
bayarea-cc.com {
    # TLS-Direktive entfernen, falls Cloudflare die Verbindung terminiert
    # tls {
    #    dns cloudflare {env.CLOUDFLARE_API_TOKEN}
    # }
    
    handle /api {
        reverse_proxy host.docker.internal:3001
    }
    handle {
        root * /app
        try_files {path} /index.html
        file_server
    }
    log {
        output stderr
        format console
    }
    encode gzip
}
www.bayarea-cc.com {
    redir https://bayarea-cc.com{uri} permanent
}
auth.bizmatch.net {
        reverse_proxy https://bizmatch-net.firebaseapp.com {
            header_up Host bizmatch-net.firebaseapp.com
            header_up X-Forwarded-For {remote_host}
            header_up X-Forwarded-Proto {scheme}
            header_up X-Real-IP {remote_host}
        }
}
gitea.bizmatch.net {
    reverse_proxy gitea:3500
}

dev.bizmatch.net {
  handle /pictures/* {
    root * /home/aknuth/git/bizmatch-project/bizmatch-server
    file_server
  }

  handle {
    root * /srv
    try_files {path} {path}/ /index.html
    file_server
  }
  
  log {
    output file /var/log/caddy/access.log {
      roll_size 10MB
      roll_keep 5
      roll_keep_for 48h
    }
  }

  encode gzip 

}

api-dev.bizmatch.net {
  reverse_proxy host.docker.internal:3000 {
    header_up X-Real-IP {http.request.header.CF-Connecting-IP}
    header_up X-Forwarded-For {http.request.header.CF-Connecting-IP}
    header_up X-Forwarded-Proto {http.request.header.X-Forwarded-Proto}
    header_up CF-IPCountry {http.request.header.CF-IPCountry}
  }
}

mailsync.bizmatch.net {
  reverse_proxy host.docker.internal:5000 {
    header_up X-Real-IP {http.request.header.CF-Connecting-IP}
    header_up X-Forwarded-For {http.request.header.CF-Connecting-IP}
    header_up X-Forwarded-Proto {http.request.header.X-Forwarded-Proto}
    header_up CF-IPCountry {http.request.header.CF-IPCountry}
  }
}

# Ergänzung für Ihre bestehende Caddyfile
# Diese Blöcke zu Ihrer bestehenden Konfiguration hinzufügen:

# Webmail Interface
mail.andreasknuth.de {
    reverse_proxy wildduck-webmail:3000
    
    header {
        Strict-Transport-Security "max-age=31536000; includeSubDomains"
        X-Content-Type-Options "nosniff"
        X-Frame-Options "DENY"
        X-XSS-Protection "1; mode=block"
        Referrer-Policy "strict-origin-when-cross-origin"
        -Server
    }
    
    log {
        output file /var/log/caddy/mail.andreasknuth.de.log
        format json
    }
}

# API Endpoint (für Management)
api-mail.andreasknuth.de {
    reverse_proxy wildduck-server:8080
    
    header {
        Strict-Transport-Security "max-age=31536000; includeSubDomains"
        X-Content-Type-Options "nosniff"
        X-Frame-Options "DENY"
    }
    
    log {
        output file /var/log/caddy/api-mail.andreasknuth.de.log
        format json
    }
}

# Autodiscover für E-Mail-Clients
autodiscover.andreasknuth.de {
    header Content-Type "application/xml"
    respond `<?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
    <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
        <Account>
            <AccountType>email</AccountType>
            <Action>settings</Action>
            <Protocol>
                <Type>IMAP</Type>
                <Server>mail.andreasknuth.de</Server>
                <Port>993</Port>
                <DomainRequired>off</DomainRequired>
                <LoginName>{email}</LoginName>
                <SPA>off</SPA>
                <SSL>on</SSL>
                <AuthRequired>on</AuthRequired>
            </Protocol>
            <Protocol>
                <Type>SMTP</Type>
                <Server>mail.andreasknuth.de</Server>
                <Port>587</Port>
                <DomainRequired>off</DomainRequired>
                <LoginName>{email}</LoginName>
                <SPA>off</SPA>
                <Encryption>TLS</Encryption>
                <AuthRequired>on</AuthRequired>
                <UsePOPAuth>off</UsePOPAuth>
                <SMTPLast>off</SMTPLast>
            </Protocol>
        </Account>
    </Response>
</Autodiscover>`
}

# Autoconfig für Mozilla Thunderbird
autoconfig.andreasknuth.de {
    header Content-Type "application/xml"
    respond `<?xml version="1.0" encoding="UTF-8"?>
<clientConfig version="1.1">
    <emailProvider id="andreasknuth.de">
        <domain>andreasknuth.de</domain>
        <displayName>Andreas Knuth Mail</displayName>
        <displayShortName>AK Mail</displayShortName>
        <incomingServer type="imap">
            <hostname>mail.andreasknuth.de</hostname>
            <port>993</port>
            <socketType>SSL</socketType>
            <authentication>password-cleartext</authentication>
            <username>%EMAILADDRESS%</username>
        </incomingServer>
        <outgoingServer type="smtp">
            <hostname>mail.andreasknuth.de</hostname>
            <port>587</port>
            <socketType>STARTTLS</socketType>
            <authentication>password-cleartext</authentication>
            <username>%EMAILADDRESS%</username>
        </outgoingServer>
    </emailProvider>
</clientConfig>`
}