deploy/conduit/Caddyfile

# Caddy configuration for Conduit Matrix homeserver
# Location: /etc/caddy/conf.d/matrix.conf (imported by main Caddyfile)
# Reference: docs/matrix-fleet-comms/README.md

matrix.timmy.foundation {
    # Reverse proxy to Conduit
    reverse_proxy localhost:8448 {
        # Headers for WebSocket upgrade (client sync)
        header_up Host {host}
        header_up X-Real-IP {remote}
        header_up X-Forwarded-For {remote}
        header_up X-Forwarded-Proto {scheme}
    }
    
    # Security headers
    header {
        X-Frame-Options DENY
        X-Content-Type-Options nosniff
        X-XSS-Protection "1; mode=block"
        Referrer-Policy strict-origin-when-cross-origin
        Permissions-Policy "geolocation=(), microphone=(), camera=()"
    }
    
    # Enable compression
    encode gzip zstd
    
    # Let's Encrypt automatic TLS
    tls {
        # Email for renewal notifications
        # Uncomment and set: email admin@timmy.foundation
    }
    
    # Logging
    log {
        output file /var/log/caddy/matrix-access.log {
            roll_size 100mb
            roll_keep 5
        }
    }
}

# Well-known delegation for Matrix federation
# Allows other servers to discover our homeserver
timmy.foundation {
    handle /.well-known/matrix/server {
        header Content-Type application/json
        respond `{"m.server": "matrix.timmy.foundation:443"}`
    }
    
    handle /.well-known/matrix/client {
        header Content-Type application/json
        header Access-Control-Allow-Origin *
        respond `{"m.homeserver": {"base_url": "https://matrix.timmy.foundation"}}`
    }
    
    # Redirect root to Element Web or documentation
    redir / https://matrix.timmy.foundation permanent
}
[matrix] Add Conduit deployment scaffold for #166, #183 Architecture: - ADR-1: Conduit selected over Synapse/Dendrite (Rust, low resource) - ADR-2: Deploy on existing Gitea VPS initially - ADR-3: Full federation enabled Artifacts: - docs/matrix-fleet-comms/README.md (architecture + runbooks) - deploy/conduit/conduit.toml (production config) - deploy/conduit/conduit.service (systemd) - deploy/conduit/Caddyfile (reverse proxy) - deploy/conduit/install.sh (one-command installer) - deploy/conduit/scripts/backup.sh (automated backups) - deploy/conduit/scripts/health.sh (health monitoring) Closes #183 (scaffold complete) Progresses #166 (implementation unblocked) 2026-04-05 04:38:15 +00:00			`# Caddy configuration for Conduit Matrix homeserver`
			`# Location: /etc/caddy/conf.d/matrix.conf (imported by main Caddyfile)`
			`# Reference: docs/matrix-fleet-comms/README.md`

			`matrix.timmy.foundation {`
			`# Reverse proxy to Conduit`
			`reverse_proxy localhost:8448 {`
			`# Headers for WebSocket upgrade (client sync)`
			`header_up Host {host}`
			`header_up X-Real-IP {remote}`
			`header_up X-Forwarded-For {remote}`
			`header_up X-Forwarded-Proto {scheme}`
			`}`

			`# Security headers`
			`header {`
			`X-Frame-Options DENY`
			`X-Content-Type-Options nosniff`
			`X-XSS-Protection "1; mode=block"`
			`Referrer-Policy strict-origin-when-cross-origin`
			`Permissions-Policy "geolocation=(), microphone=(), camera=()"`
			`}`

			`# Enable compression`
			`encode gzip zstd`

			`# Let's Encrypt automatic TLS`
			`tls {`
			`# Email for renewal notifications`
			`# Uncomment and set: email admin@timmy.foundation`
			`}`

			`# Logging`
			`log {`
			`output file /var/log/caddy/matrix-access.log {`
			`roll_size 100mb`
			`roll_keep 5`
			`}`
			`}`
			`}`

			`# Well-known delegation for Matrix federation`
			`# Allows other servers to discover our homeserver`
			`timmy.foundation {`
			`handle /.well-known/matrix/server {`
			`header Content-Type application/json`
			respond `{"m.server": "matrix.timmy.foundation:443"}`
			`}`

			`handle /.well-known/matrix/client {`
			`header Content-Type application/json`
			`header Access-Control-Allow-Origin *`
			respond `{"m.homeserver": {"base_url": "https://matrix.timmy.foundation"}}`
			`}`

			`# Redirect root to Element Web or documentation`
			`redir / https://matrix.timmy.foundation permanent`
			`}`