Tech500/caddyfile.md

Last active March 16, 2026 00:11

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Select an option

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/Tech500/ba704fbbc54d2ef6a582cad7e95de80f.js"></script>
Save Tech500/ba704fbbc54d2ef6a582cad7e95de80f to your computer and use it in GitHub Desktop.

Download ZIP

Caddy server config file to restrict certain paths

Raw

caddyfile.md

Caddyfile — Weather Station Secure Reverse Proxy

oscar-ii Windows 11

Tailscale Funnel forwards public HTTPS traffic to Caddy on port 8080

Caddy acts as security gatekeeper — exposing only weather dashboards

:8080 { # Block sensitive CumulusMX admin and API paths @blocked { path /api/settings* path /api/station* path /api/info* path /set/* path /login* path /api/edit* path /api/forecast* } respond @blocked 403

# WeeWX dashboard only — restricts to /weewx/ path
# Blocks Apache default page and anything else on the Pi
handle /weewx/* {
    reverse_proxy 192.168.12.15:80
}

# CumulusMX — all other traffic (minus blocked paths above)
handle {
    reverse_proxy localhost:8998
}

}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment