Reverse Proxy: Caddy example

src/administration-guide/security/caddy.md

@@ -0,0 +1,22 @@
+<div class="breadcrumbs">
+    Administration Guide
+    → <a href="/administration-guide/security/">Security</a>
+    → Caddy config
+</div>
+
+
+# Caddy config
+
+Caddy supports websockets and will by default only enable secure TLS ciphers (TLS1.2 + TLS1.3), so minimal config is needed.
+
+Example `/etc/caddy/Caddyfile` config:
+
+```
+example.com {
+    reverse_proxy 127.0.0.1:3000 {
+        header_up X-Real-IP {client_ip}
+    }
+}
+```
+
+If Caddy can't request a TLS cert using ACME (e.g. due to firewall or using internal domains), then add `tls internal` to the config.

src/administration-guide/security/network.md

@@ -13,15 +13,15 @@ Why use encrypted connections? See: [Article from Cloudflare](https://www.cloudf
 Options you have:
 
 * [VPN](#vpn)
-* [SSL](#ssl)
+* [TLS](#tls)
 
 ---
 
 ## VPN
 
 You can use a Client-to-Site VPN, that terminates on the Semaphore server, to encrypt & secure the connection.
 
-## SSL
+## TLS
 
 Semaphore supports SSL/TLS starting from v2.12.
 
@@ -50,6 +50,7 @@ Alternatively, you can use a reverse proxy in front of Semaphore to handle secur
 
 * [NGINX](./nginx.md)
 * [Apache](./apache.md)
+* [Caddy](./caddy.md)
 
 
 ### Self-signed SSL certificate