# Caddyfile for Soundboard Application # Replace yourdomain.com with your actual domain :80 { # Enable compression encode gzip # Security headers header { # Security headers Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" X-Content-Type-Options "nosniff" X-Frame-Options "DENY" X-XSS-Protection "1; mode=block" Referrer-Policy "strict-origin-when-cross-origin" # Remove server information -Server } # API routes - proxy to FastAPI backend handle /api/* { reverse_proxy localhost:8000 { # Headers for proper proxying header_up Host {upstream_hostport} header_up X-Real-IP {remote_host} } } # WebSocket connections for real-time features handle /socket.io/* { reverse_proxy localhost:8000 { # WebSocket support header_up Connection {>Connection} header_up Upgrade {>Upgrade} header_up Host {upstream_hostport} header_up X-Real-IP {remote_host} } } # Static assets (built frontend) - serve from dist directory handle { # Serve static files from the built frontend root * /var/www/sdb # Cache static assets for better performance @static { path *.js *.css *.woff *.woff2 *.ttf *.eot *.ico *.png *.jpg *.jpeg *.gif *.svg *.webp } header @static { Cache-Control "public, max-age=31536000, immutable" } # Try files, fallback to index.html for SPA routing try_files {path} /index.html file_server } # Logging log { output file /var/log/caddy/soundboard-access.log { roll_size 100mb roll_keep 5 roll_keep_for 720h } format json level INFO } }