first commit

openproject/proxy/Caddyfile.template

@@ -0,0 +1,26 @@
+{
+    # Global options
+    servers {
+        # Configure trusted proxies to correctly handle forwarded headers from Traefik
+        trusted_proxies static private_ranges
+    }
+}
+
+:80 {
+    reverse_proxy * http://${APP_HOST}:8080 {
+        # The following directives are needed to make the proxy forward explicitly the X-Forwarded-* headers. If unset,
+        # Caddy will reset them. See: https://caddyserver.com/docs/caddyfile/directives/reverse_proxy#defaults
+        # This is needed, if you are using a reverse proxy in front of the compose stack and Caddy is NOT your first
+        # point of contact.
+        # When using Caddy is reachable as a first point of contact, it is highly recommended to configure the server's
+        # global `trusted_proxies` directive. See: https://caddyserver.com/docs/caddyfile/options#trusted-proxies
+
+        header_up X-Forwarded-Proto {header.X-Forwarded-Proto}
+        header_up X-Forwarded-For {header.X-Forwarded-For}
+        header_up X-Forwarded-Host {header.X-Forwarded-Host}
+    }
+
+    file_server
+
+    log
+}

openproject/proxy/Dockerfile

@@ -0,0 +1,8 @@
+FROM caddy:2
+
+COPY ./Caddyfile.template /etc/caddy/Caddyfile.template
+
+ARG APP_HOST
+RUN sed 's|${APP_HOST}|'"$APP_HOST"'|g' /etc/caddy/Caddyfile.template > /etc/caddy/Caddyfile
+
+ENTRYPOINT ["caddy", "run", "--config", "/etc/caddy/Caddyfile"]