# Caddy reverse proxy for floonet-rs, with automatic HTTPS. # # floonet-rs serves everything on one port: the websocket relay, the # NIP-11 document, the landing page, and (when enabled) the name # authority endpoints. Point your domain at this host and Caddy obtains # certificates automatically. # # SECURITY-CRITICAL: X-Real-IP must be set from the real client address. # The relay and the name authority key ALL of their per-IP rate limiting # off this header (config.toml `remote_ip_header = "x-real-ip"`); if the # proxy does not set it, every request looks like one client and the # limiter is defeated. Caddy's {remote_host} is the connecting peer, not # a forwardable client header. relay.example.com { reverse_proxy 127.0.0.1:8080 { header_up X-Real-IP {remote_host} } }