From 48b0e7c508629cea1b219a292149635282737b45 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicolai=20S=C3=B8borg?= <8722223+NicolaiSoeborg@users.noreply.github.com> Date: Wed, 26 Nov 2025 13:08:39 +0100 Subject: [PATCH] Reverse Proxy: Caddy example --- src/administration-guide/security/caddy.md | 22 ++++++++++++++++++++ src/administration-guide/security/network.md | 5 +++-- 2 files changed, 25 insertions(+), 2 deletions(-) create mode 100644 src/administration-guide/security/caddy.md diff --git a/src/administration-guide/security/caddy.md b/src/administration-guide/security/caddy.md new file mode 100644 index 0000000..2d239c4 --- /dev/null +++ b/src/administration-guide/security/caddy.md @@ -0,0 +1,22 @@ +
+ + +# Caddy config + +Caddy supports websockets and will by default only enable secure TLS ciphers (TLS1.2 + TLS1.3), so minimal config is needed. + +Example `/etc/caddy/Caddyfile` config: + +``` +example.com { + reverse_proxy 127.0.0.1:3000 { + header_up X-Real-IP {client_ip} + } +} +``` + +If Caddy can't request a TLS cert using ACME (e.g. due to firewall or using internal domains), then add `tls internal` to the config. diff --git a/src/administration-guide/security/network.md b/src/administration-guide/security/network.md index ba8a1e9..466fc54 100644 --- a/src/administration-guide/security/network.md +++ b/src/administration-guide/security/network.md @@ -13,7 +13,7 @@ Why use encrypted connections? See: [Article from Cloudflare](https://www.cloudf Options you have: * [VPN](#vpn) -* [SSL](#ssl) +* [TLS](#tls) --- @@ -21,7 +21,7 @@ Options you have: You can use a Client-to-Site VPN, that terminates on the Semaphore server, to encrypt & secure the connection. -## SSL +## TLS Semaphore supports SSL/TLS starting from v2.12. @@ -50,6 +50,7 @@ Alternatively, you can use a reverse proxy in front of Semaphore to handle secur * [NGINX](./nginx.md) * [Apache](./apache.md) +* [Caddy](./caddy.md) ### Self-signed SSL certificate
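Review bot: In the new caddy.md, the closing sentence recommends `tls internal` without saying that the certificate is then issued by Caddy's own local CA, so browsers and API clients will reject it until that root certificate is trusted on each client. Suggest adding one sentence to that effect. In the opening paragraph, "secure TLS ciphers (TLS1.2 + TLS1.3)" names protocol versions rather than ciphers; "TLS 1.2 and TLS 1.3 with secure cipher suites" would be accurate. The `header_up X-Real-IP {client_ip}` line also appears with no explanation of what consumes that header, which a reader copying the config would want to know.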
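Review bot: Links elsewhere that point at the `#ssl` anchor of network.md will stop resolving once the heading becomes `## TLS`, since the first two network.md hunks update only the in-page list entry `* [TLS](#tls)`. Suggest searching the rest of the docs for `#ssl` before merging, or keeping an explicit anchor for the old name.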
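Review bot: The last network.md hunk leaves `### Self-signed SSL certificate` unchanged in its context while the parent section is now titled TLS; suggest renaming that heading in the same patch so the section reads consistently. The diffstat lists only caddy.md and network.md, so if the guide's navigation is built from a separate index file, the new Caddy page also needs an entry there.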