6 changed files with 62 additions and 137 deletions
--- a/proxy/Caddyfile
+++ b/proxy/Caddyfile
@@ -0,0 +1,52 @@
 # Global options
 {
 	# Disable auto HTTPS since we're using existing certificates
 	auto_https off
 }
 # HTTP to HTTPS redirect
 :80 {
 	redir https://{host}{uri} permanent
 }
 # Main domain - oily.dad and www.oily.dad
 oily.dad, www.oily.dad {
 	# Root directory (not strictly needed for reverse proxy)
 	root * /var/www/html
 	# Use existing SSL certificates
 	tls /etc/letsencrypt/live/oily.dad/fullchain.pem /etc/letsencrypt/live/oily.dad/privkey.pem
 	# Onion-Location header
 	header Onion-Location http://oilydada7ckiseinkbeathsefwgkvjrce743xy7x7iiybkuxh4vheead.onion{path}
 	# Reverse proxy to backend
 	reverse_proxy http://backend:8000 {
 		# Preserve original host header
 		header_up Host {host}
 		header_up X-Real-IP {remote}
 		# X-Forwarded-For and X-Forwarded-Proto are set automatically by Caddy
 	}
 }
 # Subdomain for Gitea - gut.oily.dad
 gut.oily.dad {
 	# Root directory (not strictly needed for reverse proxy)
 	root * /var/www/html
 	# Use existing SSL certificates
 	tls /etc/letsencrypt/live/oily.dad/fullchain.pem /etc/letsencrypt/live/oily.dad/privkey.pem
 	# Reverse proxy to Gitea
 	reverse_proxy http://gitea:3000 {
 		# WebSocket support for Gitea
 		header_up Connection {>Connection}
 		header_up Upgrade {>Upgrade}
 		# Preserve original headers
 		header_up Host {host}
 		header_up X-Real-IP {remote}
 		# X-Forwarded-For and X-Forwarded-Proto are set automatically by Caddy
 	}
 }
--- a/proxy/Dockerfile
+++ b/proxy/Dockerfile
@@ -1,2 +1,10 @@
-FROM nginx:alpine
+FROM caddy:alpine
-COPY conf /etc/nginx/conf.d/default.conf
+
 # Copy Caddyfile configuration
 COPY Caddyfile /etc/caddy/Caddyfile
 # Create directory for www root
 RUN mkdir -p /var/www/html
 # Caddy runs as non-root user by default
 # Ports 80 and 443 are exposed by the base image
--- a/proxy/baseconf
+++ b/proxy/baseconf
@@ -1,12 +0,0 @@
 server {
    listen       80;
    server_name  localhost;
    location / {
        proxy_pass   http://backend:8000;
    }
    location /gutty{
        proxy_pass   http://gitea:3000;
    }
 }
--- a/proxy/conf
+++ b/proxy/conf
@@ -1,53 +0,0 @@
 #server {
 #    listen       80;
 #    server_name  localhost;
 #    location / {
 #        proxy_pass   http://backend:8000;
 #    }
 # always redirect to https
 server {
 	listen 80 default_server;
 	server_name _;
 	return 301 https://$host$request_uri;
 }
 server {
 	listen 443 ssl http2;
 	# use the certificates
 	ssl_certificate /etc/letsencrypt/live/oily.dad/fullchain.pem;
 	ssl_certificate_key /etc/letsencrypt/live/oily.dad/privkey.pem;
 	server_name oily.dad www.oily.dad;
 	root /var/www/html;
 	index index.php index.html index.htm;
 	add_header Onion-Location http://oilydada7ckiseinkbeathsefwgkvjrce743xy7x7iiybkuxh4vheead.onion$request_uri;
 	location / {
 		proxy_pass http://backend:8000/;
 	}
 }
 server {
 	listen 443 ssl http2;
 	# use the certificates
 	ssl_certificate /etc/letsencrypt/live/oily.dad/fullchain.pem;
 	ssl_certificate_key /etc/letsencrypt/live/oily.dad/privkey.pem;
 	server_name gut.oily.dad;
 	root /var/www/html;
 	index index.php index.html index.htm;
 	location / {
 		client_max_body_size 512M;
 	        #proxy_pass http://localhost:3000;
 	        proxy_set_header Connection $http_connection;
        	proxy_set_header Upgrade $http_upgrade;
 	        proxy_set_header Host $host;
 	        proxy_set_header X-Real-IP $remote_addr;
 	        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 	        proxy_set_header X-Forwarded-Proto $scheme;
 		proxy_pass http://gitea:3000/;
 	}
 }
--- a/proxy/giteaconf
+++ b/proxy/giteaconf
@@ -1,17 +0,0 @@
 server {
    listen       80;
    server_name  localhost;
    location / {
        client_max_body_size 512M;
        #proxy_pass http://localhost:3000;
        proxy_pass http://gitea:3000;
        proxy_set_header Connection $http_connection;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
 } 
--- a/proxy/sslconf
+++ b/proxy/sslconf
@@ -1,53 +0,0 @@
 #server {
 #    listen       80;
 #    server_name  localhost;
 #    location / {
 #        proxy_pass   http://backend:8000;
 #    }
 # always redirect to https
 server {
 	listen 80 default_server;
 	server_name _;
 	return 301 https://$host$request_uri;
 }
 server {
 	listen 443 ssl http2;
 	# use the certificates
 	ssl_certificate /etc/letsencrypt/live/oily.dad/fullchain.pem;
 	ssl_certificate_key /etc/letsencrypt/live/oily.dad/privkey.pem;
 	server_name oily.dad www.oily.dad;
 	root /var/www/html;
 	index index.php index.html index.htm;
 	add_header Onion-Location http://oilydada7ckiseinkbeathsefwgkvjrce743xy7x7iiybkuxh4vheead.onion$request_uri;
 	location / {
 		proxy_pass http://backend:8000/;
 	}
 }
 server {
 	listen 443 ssl http2;
 	# use the certificates
 	ssl_certificate /etc/letsencrypt/live/oily.dad/fullchain.pem;
 	ssl_certificate_key /etc/letsencrypt/live/oily.dad/privkey.pem;
 	server_name gut.oily.dad;
 	root /var/www/html;
 	index index.php index.html index.htm;
 	location / {
 		client_max_body_size 512M;
 	        #proxy_pass http://localhost:3000;
 	        proxy_set_header Connection $http_connection;
        	proxy_set_header Upgrade $http_upgrade;
 	        proxy_set_header Host $host;
 	        proxy_set_header X-Real-IP $remote_addr;
 	        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 	        proxy_set_header X-Forwarded-Proto $scheme;
 		proxy_pass http://gitea:3000/;
 	}
 }