SurfSense/docker/proxy/Caddyfile

{
	# Optional ACME/global settings. These are harmless in the default :80
	# localhost mode and become active when SURFSENSE_SITE_ADDRESS is a domain.
	{$CERT_EMAIL}
	acme_ca {$CERT_ACME_CA:https://acme-v02.api.letsencrypt.org/directory}
	{$CERT_ACME_DNS}
	servers {
		client_ip_headers X-Forwarded-For X-Real-IP
		trusted_proxies static {$TRUSTED_PROXIES:0.0.0.0/0}
	}
}

(surfsense_proxy) {
	request_body {
		max_size {$SURFSENSE_MAX_BODY_SIZE:5GB}
	}

	# Frontend-owned auth page (the post-login token handler). More specific than
	# /auth/*, so Caddy's matcher-specificity sort routes it here, not to backend.
	reverse_proxy /auth/callback* frontend:3000

	# Backend auth routes (FastAPI Users + OAuth helpers).
	reverse_proxy /auth/* backend:8000

	# Backend user profile routes (FastAPI Users users router, mounted at /users).
	reverse_proxy /users/* backend:8000

	# Backend REST, streaming, connector OAuth, and messaging gateway endpoints.
	# FastAPI already serves /api/v1, so the path is forwarded unchanged.
	reverse_proxy /api/v1/* backend:8000 {
		flush_interval -1
	}

	# Zero accepts a single path-component base URL (Zero >= 0.6).
	# Preserve /zero so browser cacheURL can be ${SURFSENSE_PUBLIC_URL}/zero.
	reverse_proxy /zero/* zero-cache:4848

	# Next.js app and frontend-owned API routes:
	# /api/zero/*, /api/search, /api/contact, etc.
	reverse_proxy /* frontend:3000
}

{$SURFSENSE_SITE_ADDRESS::80} {
	import surfsense_proxy
}
feat(docker): add caddy reverse proxy assets 2026-06-15 11:03:12 +05:30			`{`
			`# Optional ACME/global settings. These are harmless in the default :80`
			`# localhost mode and become active when SURFSENSE_SITE_ADDRESS is a domain.`
			`{$CERT_EMAIL}`
			`acme_ca {$CERT_ACME_CA:https://acme-v02.api.letsencrypt.org/directory}`
			`{$CERT_ACME_DNS}`
			`servers {`
			`client_ip_headers X-Forwarded-For X-Real-IP`
			`trusted_proxies static {$TRUSTED_PROXIES:0.0.0.0/0}`
			`}`
			`}`

			`(surfsense_proxy) {`
			`request_body {`
			`max_size {$SURFSENSE_MAX_BODY_SIZE:5GB}`
			`}`

feat(docker): update Caddyfile to include specific reverse proxy routes for frontend auth and backend user profiles 2026-06-16 04:36:26 +05:30			`# Frontend-owned auth page (the post-login token handler). More specific than`
			`# /auth/*, so Caddy's matcher-specificity sort routes it here, not to backend.`
			`reverse_proxy /auth/callback* frontend:3000`

feat(docker): add caddy reverse proxy assets 2026-06-15 11:03:12 +05:30			`# Backend auth routes (FastAPI Users + OAuth helpers).`
			`reverse_proxy /auth/* backend:8000`

feat(docker): update Caddyfile to include specific reverse proxy routes for frontend auth and backend user profiles 2026-06-16 04:36:26 +05:30			`# Backend user profile routes (FastAPI Users users router, mounted at /users).`
			`reverse_proxy /users/* backend:8000`

feat(docker): add caddy reverse proxy assets 2026-06-15 11:03:12 +05:30			`# Backend REST, streaming, connector OAuth, and messaging gateway endpoints.`
			`# FastAPI already serves /api/v1, so the path is forwarded unchanged.`
fix(docker): disable response buffering for backend streaming 2026-06-16 02:11:32 +05:30			`reverse_proxy /api/v1/* backend:8000 {`
			`flush_interval -1`
			`}`
feat(docker): add caddy reverse proxy assets 2026-06-15 11:03:12 +05:30
			`# Zero accepts a single path-component base URL (Zero >= 0.6).`
			`# Preserve /zero so browser cacheURL can be ${SURFSENSE_PUBLIC_URL}/zero.`
			`reverse_proxy /zero/* zero-cache:4848`

			`# Next.js app and frontend-owned API routes:`
			`# /api/zero/*, /api/search, /api/contact, etc.`
			`reverse_proxy /* frontend:3000`
			`}`

			`{$SURFSENSE_SITE_ADDRESS::80} {`
			`import surfsense_proxy`
			`}`