Initial commit - realms platform

devops/forgejo-server/Caddyfile

@@ -0,0 +1,40 @@
+# =============================================================================
+# Caddy Configuration for Forgejo
+# Automatic HTTPS with Let's Encrypt
+# =============================================================================
+
+{$FORGEJO_DOMAIN} {
+    # Reverse proxy to Forgejo
+    reverse_proxy forgejo:3000
+
+    # Enable compression
+    encode gzip zstd
+
+    # Security headers
+    header {
+        # HSTS
+        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+        # Prevent clickjacking
+        X-Frame-Options "SAMEORIGIN"
+        # XSS protection
+        X-Content-Type-Options "nosniff"
+        X-XSS-Protection "1; mode=block"
+        # Referrer policy
+        Referrer-Policy "strict-origin-when-cross-origin"
+        # Remove server header
+        -Server
+    }
+
+    # Logging
+    log {
+        output file /data/access.log {
+            roll_size 10mb
+            roll_keep 5
+        }
+    }
+}
+
+# HTTP to HTTPS redirect (automatic with Caddy, but explicit for clarity)
+http://{$FORGEJO_DOMAIN} {
+    redir https://{$FORGEJO_DOMAIN}{uri} permanent
+}