buckets/frankenphp/Caddyfile
myrmidex f16e279f58
All checks were successful
CI / backend (push) Successful in 20m34s
CI / frontend (push) Successful in 1m2s
CI / e2e (push) Successful in 21m57s
35 - Add prod image SPA serving, health endpoint, and Forgejo CI
2026-06-30 21:07:45 +02:00

82 lines
1.8 KiB
Caddyfile

{
skip_install_trust
{$CADDY_GLOBAL_OPTIONS}
frankenphp {
{$FRANKENPHP_CONFIG}
}
}
{$CADDY_EXTRA_CONFIG}
{$SERVER_NAME:localhost} {
log {
{$CADDY_SERVER_LOG_OPTIONS}
# Redact the authorization query parameter that can be set by Mercure
format filter {
request>uri query {
replace authorization REDACTED
}
}
}
root /app/public
encode zstd br gzip
mercure {
# Publisher JWT key
publisher_jwt {env.MERCURE_PUBLISHER_JWT_KEY} {env.MERCURE_PUBLISHER_JWT_ALG}
# Subscriber JWT key
subscriber_jwt {env.MERCURE_SUBSCRIBER_JWT_KEY} {env.MERCURE_SUBSCRIBER_JWT_ALG}
# Allow anonymous subscribers (double-check that it's what you want)
anonymous
# Enable the subscription API (double-check that it's what you want)
subscriptions
# Extra directives
{$MERCURE_EXTRA_DIRECTIVES}
}
vulcain
{$CADDY_SERVER_EXTRA_DIRECTIVES}
# Disable Topics tracking if not enabled explicitly: https://github.com/jkarlin/topics
header ?Permissions-Policy "browsing-topics=()"
# Backend (Symfony) owns /api/* and Mercure; everything else is the SPA.
# `route` preserves declaration order so the backend matchers win before the
# SPA catch-all.
@backend path /api/* /.well-known/mercure*
handle @backend {
@phpRoute {
not path /.well-known/mercure*
not file {path}
}
rewrite @phpRoute index.php
@frontController path index.php
php @frontController {
{$FRANKENPHP_SITE_CONFIG}
worker {
file ./public/index.php
{$FRANKENPHP_WORKER_CONFIG}
}
}
file_server {
hide *.php
}
}
# Single-page app: serve built static assets, falling back to index.html so
# client-side routes (/login, /register, …) resolve. The dist is copied to
# /app/frontend-dist by the prod image build (see Dockerfile).
handle {
root * /app/frontend-dist
try_files {path} /index.html
file_server
}
}