gui.do
Barazo Docker Compose templates for self-hosting
barazo.forum
1# Barazo Caddyfile -- Reverse Proxy with Automatic SSL
2#
3# Caddy handles:
4# - Automatic HTTPS via Let's Encrypt (auto-renews)
5# - HTTP -> HTTPS redirect (automatic)
6# - HTTP/3 (QUIC) support
7# - Reverse proxy routing to API and Web services
8#
9# Set COMMUNITY_DOMAIN in your .env file (e.g., "forum.example.com").
10{
11 admin off
12}
13
14# ---------------------------------------------------------------------------
15# Documentation site (static export served from /var/www/docs.barazo.forum/)
16# ---------------------------------------------------------------------------
17docs.barazo.forum {
18 header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
19
20 root * /var/www/docs.barazo.forum
21 file_server
22
23 try_files {path} {path}index.html /404.html
24}
25
26{$COMMUNITY_DOMAIN} {
27 # HSTS -- enforce HTTPS for all future requests (2 years, preload-eligible)
28 header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
29
30 # Block /api/health/ready from external access (internal monitoring only)
31 @healthReady path /api/health/ready
32 handle @healthReady {
33 respond "Forbidden" 403 {
34 close
35 }
36 }
37
38 # OAuth metadata (AT Protocol requires PDS to fetch these from the client_id origin)
39 handle /oauth-client-metadata.json {
40 reverse_proxy barazo-api:3000
41 }
42 handle /jwks.json {
43 reverse_proxy barazo-api:3000
44 }
45
46 # API routes -> barazo-api:3000
47 handle /api/* {
48 reverse_proxy barazo-api:3000
49 }
50
51 # API documentation -> barazo-api:3000
52 handle /docs {
53 reverse_proxy barazo-api:3000
54 }
55 handle /docs/* {
56 reverse_proxy barazo-api:3000
57 }
58
59 # Everything else -> barazo-web:3001
60 handle {
61 reverse_proxy barazo-web:3001
62 }
63}