{ log { output file /var/log/caddy/logfile.log level INFO } admin localhost:2019 servers { metrics } email !{!{ YOUR EMAIL ADDRESS }!}! } # This is an extremely permissive CORS config. Dial it back as your use case allows. (cors) { @cors_preflight method OPTIONS header { Access-Control-Allow-Origin "*" Access-Control-Expose-Headers "Authorization" Access-Control-Allow-Credentials "true" Access-Control-Allow-Headers "Authorization, Content-Type" } handle @cors_preflight { header { Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE" Access-Control-Max-Age "3600" } respond "" 204 } } # Specify which endpoints are public, one or more methods of API key authentication, and your load balancing priority (if any) !{!{ YOUR SIJAPI SUBDOMAIN }!}! { import cors @public { path /img/* /oauth /oauth/* /MS365 /MS365/* /ip /health /health* /health/* /id /identity } @apiKeyAuthHeader { header Authorization "Bearer !{!{ YOUR GLOBAL_API_KEY }!}!" } @apiKeyAuthQuery { query api_key=!{!{ YOUR GLOBAL_API_KEY }!}! } handle @public { reverse_proxy { to !{!{ YOUR IP(s) WHERE SIJAPI IS RUNNING, WITH PORTS, e.g. 100.64.64.20:4444 10.13.37.30:4444 localhost:4444 }!}! lb_policy first health_uri /health health_interval 10s health_timeout 5s health_status 2xx header_up X-Forwarded-For {remote} header_up X-Forwarded-Proto {scheme} } } handle @apiKeyAuthHeader { reverse_proxy { to !{!{ YOUR IP(s) WHERE SIJAPI IS RUNNING, WITH PORTS, e.g. 100.64.64.20:4444 10.13.37.30:4444 localhost:4444 }!}! lb_policy first health_uri /health health_interval 10s health_timeout 5s health_status 2xx } } handle @apiKeyAuthQuery { reverse_proxy { to !{!{ YOUR IP(s) WHERE SIJAPI IS RUNNING, WITH PORTS, e.g. 100.64.64.20:4444 10.13.37.30:4444 localhost:4444 }!}! lb_policy first health_uri /health health_interval 10s health_timeout 5s health_status 2xx } } handle { respond "Unauthorized: Valid API key required" 401 } tls { dns cloudflare {env.CLOUDFLARE_API_TOKEN} } log { output file /var/log/caddy/sijapi.log { roll_size 100mb roll_keep 5 roll_keep_for 720h } format json { time_format "iso8601" message_key "message" } } }