xboard
36 lines
1.1 KiB
Caddyfile
36 lines
1.1 KiB
Caddyfile
# Xboard protocol fusion entrypoint.
|
|
#
|
|
# Caddy listens on a single public port and dispatches HTTP traffic to Octane
|
|
# while transparently upgrading WebSocket requests to the ws-server worker.
|
|
# This lets every external reverse proxy (nginx, Cloudflare, the user's own
|
|
# Caddy, ...) treat the panel as a single upstream and avoids exposing the
|
|
# 8076 WebSocket port directly.
|
|
{
|
|
admin off
|
|
auto_https off
|
|
persist_config off
|
|
log {
|
|
output stdout
|
|
format console
|
|
}
|
|
servers {
|
|
trusted_proxies static 0.0.0.0/0 ::/0
|
|
}
|
|
}
|
|
|
|
:{$CADDY_LISTEN_PORT:7001} {
|
|
@ws path /ws
|
|
reverse_proxy @ws 127.0.0.1:{$WS_PORT:8076}
|
|
|
|
reverse_proxy 127.0.0.1:{$OCTANE_INTERNAL_PORT:7002} {
|
|
header_up Host {host}
|
|
# X-Forwarded-For is auto-appended with our remote_addr by Caddy
|
|
# (enabled by the global trusted_proxies above), so Octane receives the
|
|
# full proxy chain and Laravel's TrustProxies middleware resolves the
|
|
# real client IP using its own trust list. We additionally surface the
|
|
# directly-connected peer as X-Real-IP for downstream consumers (logs,
|
|
# admin tools) that read it directly without TrustProxies.
|
|
header_up X-Real-IP {remote_host}
|
|
}
|
|
}
|