docs: add comprehensive deployment guide and Caddy configuration

- Create detailed deployment documentation - Add Caddyfile.example with security headers and API proxy - Document SystemD service setup for Go API - Include database backup strategy - Add troubleshooting guide - Document OAuth configuration steps - Add build and deployment commands - Test production build successfully (340KB static site)
2026-01-06 16:19:34 +01:00
parent 8145645252
commit 7ea78d3b54
2 changed files with 413 additions and 0 deletions
@@ -0,0 +1,63 @@
+# Caddy configuration for Opal Task Manager
+# Copy to /etc/caddy/Caddyfile and customize
+
+opal.example.com {
+	# Root directory for static PWA build
+	root * /var/www/opal
+	
+	# API reverse proxy - strip /api prefix before forwarding
+	handle /api/* {
+		uri strip_prefix /api
+		reverse_proxy localhost:8080 {
+			# Optional: custom headers
+			header_up X-Real-IP {remote_host}
+			header_up X-Forwarded-Proto {scheme}
+		}
+	}
+	
+	# Static file serving with SPA fallback
+	handle {
+		# Try to serve static file, fallback to index.html for client-side routing
+		try_files {path} /index.html
+		file_server
+	}
+	
+	# Security headers
+	header {
+		# Force HTTPS
+		Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+		
+		# Prevent clickjacking
+		X-Frame-Options "SAMEORIGIN"
+		
+		# XSS protection
+		X-Content-Type-Options "nosniff"
+		
+		# Content Security Policy (adjust as needed)
+		Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self' https://auth.example.com; font-src 'self';"
+		
+		# Remove server info
+		-Server
+	}
+	
+	# Logging
+	log {
+		output file /var/log/caddy/opal.log {
+			roll_size 10MB
+			roll_keep 5
+		}
+		format json
+	}
+	
+	# Compression
+	encode gzip zstd
+	
+	# Rate limiting (optional)
+	# rate_limit {
+	#     zone opal {
+	#         key {remote_host}
+	#         events 100
+	#         window 1m
+	#     }
+	# }
+}