# ADR-004: Reverse Proxy Selection — Caddy

**Status**: Accepted  
**Date**: 2026-04-05  
**Deciders**: Ezra (architect), Timmy Foundation  
**Scope**: TLS termination and reverse proxy for Matrix/Conduit (#166, #183)

---

## Context

Options for reverse proxy + TLS:
- **Caddy** (auto-TLS, simple config)
- **Traefik** (Docker-native, label-based)
- **Nginx** (ubiquitous, more manual)

## Decision

Use **Caddy** as the dedicated reverse proxy for Matrix services.

## Consequences

| Positive | Negative |
|----------|----------|
| Automatic ACME/Let's Encrypt | Less community Matrix-specific examples |
| Native `.well-known` + SRV support | New config language for ops team |
| No Docker label magic required | |
| Clean separation from existing Traefik | |

## Implementation

See:
- `infra/matrix/caddy/Caddyfile`
- `deploy/matrix/Caddyfile`

## References

- Issue: [#183](http://143.198.27.163:3000/Timmy_Foundation/timmy-config/issues/183)