3c79b63db5
- Astro 6 + React + Tailwind v4 Projekt-Skelett mit allen Marketing-Seiten (Home, Module, Tester, Souveränität, Roadmap, Kontakt, Impressum, Datenschutz) - Self-hosted Outfit + JetBrains Mono Fonts (DSGVO) - Marketing-Komponenten gemäss CLAUDE.md §5.6 (NumberedItem, ModuleCard, StatusDot, TechStrip, SovereigntyBlock, RoadmapTimeline, etc.) - Module-Daten in src/content/module.ts als Single Source of Truth - E2E Smoke-Tests via Playwright - OG-Image-Generator - Forgejo Workflow .forgejo/workflows/deploy.yml für Tier-2 Static Deploy - Infra-as-Code Snapshot in infra/marketing-vps/ - Brand-System Submodule auf Forgejo umgezogen (war GitHub) - Deployment- und Handoff-Dokumentation - .DS_Store aus Tracking entfernt, .gitignore um Test-Artefakte ergaenzt
112 lines
2.8 KiB
Caddyfile
112 lines
2.8 KiB
Caddyfile
# Marketing-VPS Caddyfile — wird auf marketing.digiformer.eu deployt
|
|
#
|
|
# Eine Caddy-Instanz hostet alle statischen Marken-Sites über file_server.
|
|
# Per-Marke ein Block. Jede Marke hat ihren eigenen Verzeichnis-Tree unter /var/www/<domain>/.
|
|
# Forgejo Actions rsync't den Astro-Build-Output dorthin.
|
|
{
|
|
# globale Optionen
|
|
email pascal.oelmann@digiformer.net
|
|
servers {
|
|
metrics # Prometheus-Endpoint :2019/metrics für späteres Monitoring
|
|
}
|
|
}
|
|
|
|
# — slimcore.io —
|
|
slimcore.io, www.slimcore.io {
|
|
root * /var/www/slimcore.io
|
|
encode zstd gzip
|
|
|
|
header {
|
|
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
|
X-Content-Type-Options nosniff
|
|
Referrer-Policy strict-origin-when-cross-origin
|
|
Permissions-Policy "interest-cohort=()"
|
|
-Server
|
|
}
|
|
|
|
# Astro generiert echte HTML-Files für jede Route, kein SPA-Fallback nötig
|
|
# /index.html, /en/index.html, /module/index.html, /en/module/index.html, etc.
|
|
file_server
|
|
|
|
# Sitemap, robots.txt, OG-Image direkt aus dem Root
|
|
@static_root path /sitemap-*.xml /robots.txt /favicon.svg /og-default.png
|
|
handle @static_root {
|
|
file_server
|
|
}
|
|
|
|
# Cache-Header pro Asset-Typ
|
|
@assets path /_astro/* /fonts/*
|
|
handle @assets {
|
|
header Cache-Control "public, max-age=31536000, immutable"
|
|
}
|
|
|
|
@html path *.html /
|
|
handle @html {
|
|
header Cache-Control "public, max-age=300, must-revalidate"
|
|
}
|
|
|
|
# Redirects — sollten in Astro-Site selbst leben, aber als Sicherheits-Netz hier
|
|
redir /home / permanent
|
|
redir /index / permanent
|
|
|
|
log {
|
|
output file /var/log/caddy/slimcore.io.log {
|
|
roll_size 100MiB
|
|
roll_keep 14
|
|
}
|
|
format json
|
|
}
|
|
}
|
|
|
|
# — digiformer.eu — (sobald migriert)
|
|
digiformer.eu, www.digiformer.eu {
|
|
root * /var/www/digiformer.eu
|
|
encode zstd gzip
|
|
header Strict-Transport-Security "max-age=31536000; includeSubDomains"
|
|
file_server
|
|
log {
|
|
output file /var/log/caddy/digiformer.eu.log
|
|
}
|
|
}
|
|
|
|
# — slimsafe.io — (sobald Marketing-Site existiert)
|
|
slimsafe.io, www.slimsafe.io {
|
|
root * /var/www/slimsafe.io
|
|
encode zstd gzip
|
|
header Strict-Transport-Security "max-age=31536000"
|
|
file_server
|
|
log {
|
|
output file /var/log/caddy/slimsafe.io.log
|
|
}
|
|
}
|
|
|
|
# — fonboard.io — (sobald Marketing-Site existiert)
|
|
fonboard.io, www.fonboard.io {
|
|
root * /var/www/fonboard.io
|
|
encode zstd gzip
|
|
header Strict-Transport-Security "max-age=31536000"
|
|
file_server
|
|
log {
|
|
output file /var/log/caddy/fonboard.io.log
|
|
}
|
|
}
|
|
|
|
# — Status-Page (intern, basicauth-geschützt) —
|
|
status.digiformer.eu {
|
|
reverse_proxy 127.0.0.1:3001
|
|
basicauth {
|
|
# caddy hash-password generiert den bcrypt-Hash
|
|
# echtes Passwort beim Setup setzen
|
|
pascal $2a$14$REPLACE_WITH_BCRYPT_HASH
|
|
}
|
|
}
|
|
|
|
# Catch-all — unbekannte Hostnames bekommen 404, kein Default-Server
|
|
:80 {
|
|
respond "Not Found" 404
|
|
}
|
|
|
|
:443 {
|
|
respond "Not Found" 404
|
|
}
|