deploy/Caddyfile

# ── Timmy Time — Caddy Reverse Proxy ─────────────────────────────────────────
#
# Automatic HTTPS via Let's Encrypt.
# Set DOMAIN env var or replace {$DOMAIN} below.
#
# For local/IP-only access (no domain), Caddy serves on :80 without TLS.

{$DOMAIN:localhost} {
	# Reverse proxy to the FastAPI dashboard
	reverse_proxy dashboard:8000

	# WebSocket support (swarm live updates)
	@websocket {
		header Connection *Upgrade*
		header Upgrade websocket
	}
	reverse_proxy @websocket dashboard:8000

	# Security headers
	header {
		X-Content-Type-Options nosniff
		X-Frame-Options SAMEORIGIN
		Referrer-Policy strict-origin-when-cross-origin
		X-XSS-Protection "1; mode=block"
		-Server
	}

	# Gzip compression
	encode gzip zstd

	# Access logging
	log {
		output stdout
		format console
	}
}
feat: one-click cloud deployment — Caddy HTTPS, Ollama, systemd, cloud-init Add complete production deployment stack so Timmy can be deployed to any cloud provider (DigitalOcean, AWS, Hetzner, etc.) with a single command. New files: - docker-compose.prod.yml: production stack (Caddy auto-HTTPS, Ollama LLM, Dashboard, Timmy agent, Watchtower auto-updates) - deploy/Caddyfile: reverse proxy with security headers and WebSocket support - deploy/setup.sh: interactive one-click setup script for any Ubuntu/Debian server - deploy/cloud-init.yaml: paste as User Data when creating a cloud VM - deploy/timmy.service: systemd unit for auto-start on boot - deploy/digitalocean/create-droplet.sh: create a DO droplet via doctl CLI Updated: - Dockerfile: non-root user, healthcheck, missing deps (GitPython, moviepy, redis) - Makefile: cloud-deploy, cloud-up/down/logs/status/update/scale targets - .env.example: DOMAIN setting for HTTPS - .dockerignore: exclude deploy configs from image https://claude.ai/code/session_018CduUZoEJzFynBwMsxaP8T 2026-02-24 21:22:56 +00:00			`# ── Timmy Time — Caddy Reverse Proxy ─────────────────────────────────────────`
			`#`
			`# Automatic HTTPS via Let's Encrypt.`
			`# Set DOMAIN env var or replace {$DOMAIN} below.`
			`#`
			`# For local/IP-only access (no domain), Caddy serves on :80 without TLS.`

			`{$DOMAIN:localhost} {`
			`# Reverse proxy to the FastAPI dashboard`
			`reverse_proxy dashboard:8000`

			`# WebSocket support (swarm live updates)`
			`@websocket {`
			`header Connection Upgrade`
			`header Upgrade websocket`
			`}`
			`reverse_proxy @websocket dashboard:8000`

			`# Security headers`
			`header {`
			`X-Content-Type-Options nosniff`
			`X-Frame-Options SAMEORIGIN`
			`Referrer-Policy strict-origin-when-cross-origin`
			`X-XSS-Protection "1; mode=block"`
			`-Server`
			`}`

			`# Gzip compression`
			`encode gzip zstd`

			`# Access logging`
			`log {`
			`output stdout`
			`format console`
			`}`
			`}`