Files
floonet-rs/deploy/Caddyfile
T
Goblin 9fa97ebb5c
Test and build / test_floonet-rs (push) Has been cancelled
floonet-rs: hardened nostr-rs-relay for the Grin community
nostr-rs-relay + a default-deny admission pipeline (kinds 0,3,5,13,1059,
10002,10050,27235 only), NIP-42 auth, neutral NIP-11, a built-in name
authority (paid names via GoblinPay), and a config-toggled co-located
mixnet exit supervisor. Single binary + installer + hardened systemd, or
Docker Compose. Relay core untouched (additive admission + authority).
2026-07-02 08:22:18 -04:00

20 lines
786 B
Caddyfile

# Caddy reverse proxy for floonet-rs, with automatic HTTPS.
#
# floonet-rs serves everything on one port: the websocket relay, the
# NIP-11 document, the landing page, and (when enabled) the name
# authority endpoints. Point your domain at this host and Caddy obtains
# certificates automatically.
#
# SECURITY-CRITICAL: X-Real-IP must be set from the real client address.
# The relay and the name authority key ALL of their per-IP rate limiting
# off this header (config.toml `remote_ip_header = "x-real-ip"`); if the
# proxy does not set it, every request looks like one client and the
# limiter is defeated. Caddy's {remote_host} is the connecting peer, not
# a forwardable client header.
relay.example.com {
reverse_proxy 127.0.0.1:8080 {
header_up X-Real-IP {remote_host}
}
}