chore: overhaul infrastructure and integrate @mintel packages

- Restructure to pnpm monorepo (site moved to apps/web) - Integrate @mintel/tsconfig, @mintel/eslint-config, @mintel/husky-config - Implement Docker service architecture (Varnish, Directus, Gatekeeper) - Setup environment-aware Gitea Actions deployment
2026-02-05 14:18:51 +01:00
parent 190720ad92
commit 103d71851c
1029 changed files with 13242 additions and 27898 deletions
--- a/apps/web/docker/Caddyfile
+++ b/apps/web/docker/Caddyfile
@@ -0,0 +1,47 @@
+# Caddyfile for reverse proxy with automatic SSL
+{
+    # Email for Let's Encrypt notifications
+    email {$EMAIL:-admin@example.com}
+}
+
+# Main website
+{$DOMAIN:-localhost} {
+    # Reverse proxy to website container
+    reverse_proxy website:3000
+    
+    # Security headers
+    header {
+        # Enable HSTS
+        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+        # Prevent clickjacking
+        X-Frame-Options "SAMEORIGIN"
+        # Prevent MIME sniffing
+        X-Content-Type-Options "nosniff"
+        # XSS protection
+        X-XSS-Protection "1; mode=block"
+        # Remove server info
+        Server "mintel"
+    }
+    
+    # Logging
+    log {
+        output file /var/log/caddy/access.log
+        format json
+    }
+    
+    # Compression
+    encode zstd gzip
+}
+
+# Analytics subdomain (if using your existing Plausible)
+analytics.{$DOMAIN:-localhost} {
+    # Point to your existing Plausible instance
+    # Replace with your Plausible server IP/domain
+    reverse_proxy http://YOUR_PLAUSIBLE_SERVER:8000
+    
+    header {
+        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+        X-Frame-Options "SAMEORIGIN"
+        X-Content-Type-Options "nosniff"
+    }
+}