Caddyfile documentation (#8798)

* basic mixin file * Add basic check for model type support * Enhanced documentation for Caddyfile * Additional documentation around proxy server * Remove code from other PR
2025-06-13 10:35:40 +00:00 · 2024-12-31 13:35:51 +11:00
parent 23e4f2f2a2
commit ecc1c937ed
3 changed files with 59 additions and 9 deletions
--- a/contrib/container/Caddyfile
+++ b/contrib/container/Caddyfile
@ -4,14 +4,18 @@
 # - INVENTREE_SERVER: The internal URL of the InvenTree container (default: http://inventree-server:8000)
 #
 # Note that while this file is a good starting point, it may need to be modified to suit your specific requirements
+#
+# Ref to the Caddyfile documentation: https://caddyserver.com/docs/caddyfile


+# Logging configuration for Caddy
 (log_common) {
 	log {
 		output file /var/log/caddy/{args[0]}.access.log
 	}
 }

+# CORS headers control (used for static and media files)
 (cors-headers) {
 	header Allow GET,HEAD,OPTIONS
 	header Access-Control-Allow-Origin *
@ -25,8 +29,10 @@
 	}
 }

-# Change the host to your domain (this will serve at inventree.localhost)
-{$INVENTREE_SITE_URL:inventree.localhost} {
+# The default server address is configured in the .env file
+# If not specified, the default address is used - http://inventree.localhost
+# If you need to listen on multiple addresses, or use a different port, you can modify this section directly
+{$INVENTREE_SITE_URL:http://inventree.localhost} {
 	import log_common inventree

 	encode gzip
@ -35,6 +41,7 @@
 		max_size 100MB
 	}

+	# Handle static request files
 	handle_path /static/* {
 		import cors-headers static

@ -42,18 +49,31 @@
 		file_server
 	}

+	# Handle media request files
 	handle_path /media/* {
 		import cors-headers media

 		root * /var/www/media
 		file_server

+		# Force download of media files (for security)
+		# Comment out this line if you do not want to force download
 		header Content-Disposition attachment

+		# Authentication is handled by the forward_auth directive
+		# This is required to ensure that media files are only accessible to authenticated users
 		forward_auth {$INVENTREE_SERVER:"http://inventree-server:8000"} {
 			uri /auth/
 		}
 	}

-	reverse_proxy {$INVENTREE_SERVER:"http://inventree-server:8000"}
+	# All other requests are proxied to the InvenTree server
+	reverse_proxy {$INVENTREE_SERVER:"http://inventree-server:8000"} {
+
+		# If you are running behind another proxy, you may need to specify 'trusted_proxies'
+		trusted_proxies {
+			# enter your trusted proxy IP addresses here
+		}
+
+	}
 }