Phase 1b: Rename all ~94 commands across 12 plugins to /<noun> <action> sub-command pattern. Git-flow consolidated from 8→5 commands (commit variants absorbed into --push/--merge/--sync flags). Dispatch files, name: frontmatter, and cross-reference updates for all plugins. Phase 2: Design documents for 8 new plugins in docs/designs/. Phase 3: Scaffold 8 new plugins — saas-api-platform, saas-db-migrate, saas-react-platform, saas-test-pilot, data-seed, ops-release-manager, ops-deploy-pipeline, debug-mcp. Each with plugin.json, commands, agents, skills, README, and claude-md-integration. Marketplace grows from 12→20. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
127 lines
2.2 KiB
Markdown
# Caddy Conventions Skill

Caddyfile patterns for reverse proxy configuration in self-hosted environments.

## Subdomain Routing

Each service gets a subdomain of the server hostname:

```caddyfile
myapp.hotport {
    reverse_proxy app:8080
}
```

For services on non-standard ports:

```caddyfile
myapp.hotport {
    reverse_proxy app:3000
}
```

## Reverse Proxy Directives

### Basic Reverse Proxy

```caddyfile
subdomain.hostname {
    reverse_proxy container_name:port
}
```

### With Health Checks

```caddyfile
subdomain.hostname {
    reverse_proxy container_name:port {
        health_uri /health
        health_interval 30s
        health_timeout 10s
    }
}
```

### Load Balancing (Multiple Instances)

```caddyfile
subdomain.hostname {
    reverse_proxy app1:8080 app2:8080 {
        lb_policy round_robin
    }
}
```

## Security Headers

Apply to all sites:

```caddyfile
# Reusable snippet; pulled into a site block with `import security_headers`
(security_headers) {
    header {
        # Stop browsers from MIME-sniffing responses
        X-Content-Type-Options nosniff
        # Allow framing only by pages of the same origin
        X-Frame-Options SAMEORIGIN
        Referrer-Policy strict-origin-when-cross-origin
        # Remove the Server response header
        -Server
    }
}
```

Import in site blocks: `import security_headers`

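## Rate Limiting

For API endpoints:

```caddyfile
subdomain.hostname {
    # rate_limit is not in the standard Caddy build; it needs a
    # rate-limiting plugin module compiled into the binary
    rate_limit {
        zone api_zone {
            # One counter per client address
            key {remote_host}
            # At most 100 requests per 1-minute window
            events 100
            window 1m
        }
    }
    reverse_proxy app:8080
}
```
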
## Docker Network Integration

Caddy must be on the same Docker network as the target service to use container DNS names. The Caddy container needs:

```yaml
networks:
  - caddy-network
  - app-network  # Join each app's network
```

## CORS Configuration

```caddyfile
subdomain.hostname {
    # "*" lets pages from any origin read responses; list specific
    # origins instead for APIs that are not meant to be public
    header Access-Control-Allow-Origin "*"
    header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
    header Access-Control-Allow-Headers "Content-Type, Authorization"

    # Answer preflight requests directly instead of proxying them
    @options method OPTIONS
    respond @options 204

    reverse_proxy app:8080
}
```

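Added example (not part of the original skill file): a small Python check for the "apply to all sites" rule under Security Headers and for the wildcard origin shown under CORS Configuration. The function name `lint_caddyfile`, the constructed sample Caddyfile and the decision to flag `"*"` origins are assumptions of this example; it handles only the one-brace-per-line layout used on this page.

```python
import re

# Constructed sample Caddyfile for this example (not from the original page).
SAMPLE = """\
{
    email admin@example.test
}
(security_headers) {
    header -Server
}
myapp.hotport {
    import security_headers
    reverse_proxy app:8080
}
api.hotport, api2.hotport {
    header Access-Control-Allow-Origin "*"
    reverse_proxy app:3000 {
        health_uri /health
    }
}
"""

WILDCARD = re.compile(r'(header\s+)?Access-Control-Allow-Origin\s+"?\*"?$')

def lint_caddyfile(text, snippet="security_headers"):
    """Return (site_address, issue) tuples for every top-level site block."""
    findings, depth, site, body = [], 0, None, []
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()  # drop comments
        if not line:
            continue
        if depth == 0 and line.endswith("{"):
            head = line[:-1].strip()
            # The global options block ("{") and snippets ("(name) {") are not sites.
            site = None if not head or head.startswith("(") else head
            body = []
        elif site is not None and line != "}":
            body.append(line)
        # Placeholders such as {remote_host} open and close on one line: net zero.
        depth += line.count("{") - line.count("}")
        if depth == 0 and site is not None:
            if f"import {snippet}" not in body:
                findings.append((site, f"missing import {snippet}"))
            if any(WILDCARD.match(entry) for entry in body):
                findings.append((site, "wildcard CORS origin"))
            site = None
    return findings

print(lint_caddyfile(SAMPLE))
```
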
## Automatic HTTPS

- Caddy provides automatic HTTPS for public domains
- For local `.hotport` subdomains, use HTTP only (no valid TLS cert)
- For Tailscale access, consider `tls internal` for self-signed certs

## File Server (Static Assets)

```caddyfile
files.hotport {
    root * /srv/files
    # `browse` turns on directory listings for everything under the root
    file_server browse
}
```