diff --git a/.gitignore b/.gitignore index 085ce18e..07ead88a 100644 --- a/.gitignore +++ b/.gitignore @@ -6,6 +6,7 @@ .venv/ __pycache__/ *.pyc +*.egg-info/ node_modules/ # Env / secrets diff --git a/Caddyfile b/Caddyfile index 2cedca2d..6e34375e 100644 --- a/Caddyfile +++ b/Caddyfile @@ -1,16 +1,34 @@ # Caddy config. # -# Two site blocks: -# 1. :80 — handles all HTTP traffic by IP (no domain yet) for development access. -# Returns plain HTTP, no TLS. Will be removed once a domain is bought. -# 2. gendesign.example.ru — production block with auto-TLS via Let's Encrypt. -# Activates only after DNS A-record is set on this domain. -# -# Replace gendesign.example.ru with your actual domain when bought. +# - gendsgn.ru — main production site, auto-TLS via Let's Encrypt. +# - www.gendsgn.ru — 301 redirect to apex (canonical URL). +# - :80 — fallback for raw IP access. Will be removed once everyone uses the domain. # # `handle /api/*` (NOT `handle_path`) — we keep the /api prefix because # the FastAPI router is mounted at /api/v1/*. +gendsgn.ru { + encode zstd gzip + + handle /api/* { + reverse_proxy backend:8000 + } + + handle /health { + reverse_proxy backend:8000 + } + + handle { + reverse_proxy frontend:3000 + } +} + +www.gendsgn.ru { + redir https://gendsgn.ru{uri} permanent +} + +# Plain HTTP by IP — kept for ssh-tunnel / debugging. +# Caddy issues no TLS here (no hostname). :80 { encode zstd gzip @@ -22,23 +40,6 @@ reverse_proxy backend:8000 } - # Frontend (Next.js) — catches everything else - handle { - reverse_proxy frontend:3000 - } -} - -gendesign.example.ru { - encode zstd gzip - - handle /api/* { - reverse_proxy backend:8000 - } - - handle /health { - reverse_proxy backend:8000 - } - handle { reverse_proxy frontend:3000 }