Description
Integrate Caddy as the SSL terminator and reverse proxy in the docker-compose stack. This will:
- Resolve SSL issues when running the stack on non-local host environments.
- Mitigate IP-spoofing rate-limit bypasses by sanitizing the incoming
X-Forwarded-For header.
Key Requirements
- Add Caddy to the
docker-compose.yml configuration.
- Configure Caddy to manage SSL/TLS certificates (e.g., using Let's Encrypt / ZeroSSL or self-signed for dev).
- Explicitly configure Caddy to overwrite/sanitize the
X-Forwarded-For and X-Real-IP headers (e.g., by ensuring the client cannot pass spoofed values through) before forwarding requests to the Puma/Ruby application.
Description
Integrate Caddy as the SSL terminator and reverse proxy in the
docker-composestack. This will:X-Forwarded-Forheader.Key Requirements
docker-compose.ymlconfiguration.X-Forwarded-ForandX-Real-IPheaders (e.g., by ensuring the client cannot pass spoofed values through) before forwarding requests to the Puma/Ruby application.