39 lines
954 B
Markdown
39 lines
954 B
Markdown
|
# ADR-004: Reverse Proxy Selection — Caddy
|
||
|
|
|
||
|
|
**Status**: Accepted
|
||
|
|
**Date**: 2026-04-05
|
||
|
|
**Deciders**: Ezra (architect), Timmy Foundation
|
||
|
|
**Scope**: TLS termination and reverse proxy for Matrix/Conduit (#166, #183)
|
||
|
|
|
||
|
|
---
|
||
|
|
|
||
|
|
## Context
|
||
|
|
|
||
|
|
Options for reverse proxy + TLS:
|
||
|
|
- **Caddy** (auto-TLS, simple config)
|
||
|
|
- **Traefik** (Docker-native, label-based)
|
||
|
|
- **Nginx** (ubiquitous, more manual)
|
||
|
|
|
||
|
|
## Decision
|
||
|
|
|
||
|
|
Use **Caddy** as the dedicated reverse proxy for Matrix services.
|
||
|
|
|
||
|
|
## Consequences
|
||
|
|
|
||
|
|
| Positive | Negative |
|
||
|
|
|----------|----------|
|
||
|
|
| Automatic ACME/Let's Encrypt | Less community Matrix-specific examples |
|
||
|
|
| Native `.well-known` + SRV support | New config language for ops team |
|
||
|
|
| No Docker label magic required | |
|
||
|
|
| Clean separation from existing Traefik | |
|
||
|
|
|
||
|
|
## Implementation
|
||
|
|
|
||
|
|
See:
|
||
|
|
- `infra/matrix/caddy/Caddyfile`
|
||
|
|
- `deploy/matrix/Caddyfile`
|
||
|
|
|
||
|
|
## References
|
||
|
|
|
||
|
|
- Issue: [#183](http://143.198.27.163:3000/Timmy_Foundation/timmy-config/issues/183)
|