Use Caddy as SSL Terminator & Reverse Proxy to solve SSL issues and mitigate IP spoofing #1012

@gildesmarais

Description

Integrate Caddy as the SSL terminator and reverse proxy in the docker-compose stack. This will:

  1. Resolve SSL issues when running the stack on non-local host environments.
  2. Mitigate IP-spoofing rate-limit bypasses by sanitizing the incoming X-Forwarded-For header.

Key Requirements

  1. Add Caddy to the docker-compose.yml configuration.
  2. Configure Caddy to manage SSL/TLS certificates (e.g., using Let's Encrypt / ZeroSSL or self-signed for dev).
  3. Explicitly configure Caddy to overwrite/sanitize the X-Forwarded-For and X-Real-IP headers (e.g., by ensuring the client cannot pass spoofed values through) before forwarding requests to the Puma/Ruby application.
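
A Caddyfile sketch of requirements 2 and 3, added here as an example and not taken from the project's repository. The hostname `rss.example.com` and the upstream `app:3000` (the Puma service name and port on the compose network) are assumptions.

```caddyfile
# Added example, not the project's own configuration.
# Assumed names: rss.example.com (public host), app:3000 (Puma upstream).
rss.example.com {
	# With a public hostname, Caddy obtains and renews a certificate
	# automatically (Let's Encrypt / ZeroSSL).
	# For local development, use Caddy's internal CA instead:
	# tls internal

	reverse_proxy app:3000 {
		# Overwrite (do not append to) whatever the client sent.
		# {remote_host} is the address of the TCP peer that connected
		# to Caddy, so a forged header value never reaches Puma.
		header_up X-Forwarded-For {remote_host}
		header_up X-Real-IP {remote_host}
	}
}
```

This only holds if Caddy is the sole entry point: the application port should stay on the internal compose network and not be published on the host, otherwise requests can reach Puma directly with arbitrary headers. If another proxy or load balancer sits in front of Caddy, `{remote_host}` is that proxy's address and the trusted-proxy settings need to be configured instead.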
