# Caddyfile — serve static frontend, proxy /api + /ws to backend # handle blocks are mutually exclusive + ordered: API/WS first, static last. # (try_files at site level would rewrite /api/* → /index.html before proxy.) { # admin off for docker admin off } :80 { encode gzip # REST API → backend service (path preserved: /api/doc etc.) handle /api/* { reverse_proxy backend:4001 { header_up Host {host} } } # WebSocket upgrade → backend handle /ws { reverse_proxy backend:4001 } # Everything else: static SPA with client-side routing fallback handle { root * /srv try_files {path} /index.html file_server } # HTTP basic auth (in-house only). Uncomment + set CADDY_BASIC_AUTH env. # basic_auth { # {$CADDY_BASIC_AUTH} # } }