Updated production mode to use a reverse proxy to route traffic to the services using a single URL/endpoint.
Caddy will route traffic to the /agent path to ACA-Py, and /dav to the controller.
Standard security headers as well as basic rate-limiting was added.
Caddy should take care of issuing SSL certificates using Letsencrypt, however I was unable to test end-to-end since ngrok appears to take over the process and interferes with the resolution of the challenge - might need help validating this.
Instructions have been updated and simplified to only expose and require customization of necessary parameters - all standard values have been set in docker-compose-prod.yaml.
Updated production mode to use a reverse proxy to route traffic to the services using a single URL/endpoint.
Caddy will route traffic to the
/agent
path to ACA-Py, and/dav
to the controller. Standard security headers as well as basic rate-limiting was added.Caddy should take care of issuing SSL certificates using Letsencrypt, however I was unable to test end-to-end since ngrok appears to take over the process and interferes with the resolution of the challenge - might need help validating this.
Instructions have been updated and simplified to only expose and require customization of necessary parameters - all standard values have been set in
docker-compose-prod.yaml
.