Completely re-structured the project from scratch, wrote a better bootstrap script, changed configuration format to yaml, improved Caddyfile, and more. #15 #16 #20

data/Caddyfile

@@ -0,0 +1,46 @@
+{
+	# disable unwanted stuff
+	admin off
+	skip_install_trust
+	# define the ports by the environment variables
+	http_port {$HTTP_PORT}
+	https_port {$HTTPS_PORT}
+}
+
+0.0.0.0 {
+	# the tls certificates
+	tls {$DATADIR}/tls/server.pem {$DATADIR}/tls/server-key.pem
+	route {
+		# profile pictures
+		file_server /profilepictures/* {
+			root {$DATADIR}/profilepictures/..
+		}
+		# static files
+		file_server /static/* {
+			root {$DATADIR}/static/..
+		}
+		# favicon
+		redir /favicon.ico /static/favicon.ico
+		# reverse proxy to the (django) application
+		reverse_proxy localhost:{$APPLICATION_PORT}
+		# set additional security headers
+		header Content-Security-Policy "default-src 'self'"
+	}
+	# use compression
+	encode gzip
+	# logging
+	log {
+		output file {$ACCESS_LOG}
+		format filter {
+			wrap console
+			fields {
+				common_log delete
+				request>headers delete
+				request>tls delete
+				user_id delete
+				resp_headers delete
+			}
+		}
+		level INFO
+	}
+}