反向代理，后端的反向代理，在/config/caddy.d目录下


xxx.com {   # 你的域名

    # 处理预检请求
    @options method OPTIONS
    handle @options {
        header Access-Control-Allow-Origin "*"
        header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, PATCH, OPTIONS"
        header Access-Control-Allow-Headers "Content-Type, Authorization"
        header Access-Control-Allow-Credentials "true"
        header Access-Control-Max-Age "3600"
        respond "" 204
    }

    # 为实际请求添加CORS头部
    header {
        Access-Control-Allow-Origin "*"
        Access-Control-Allow-Credentials "true"
    }



    # 反向代理到Gitea服务器的IP和端口
    reverse_proxy http://ip:8084 {  #若是后端与caddy在同一个网络，可以直接指定后端的容器名


        # 移除后端返回的 CORS 头（防止冲突）
        header_down -Access-Control-Allow-Origin
        header_down -Access-Control-Allow-Methods
        header_down -Access-Control-Allow-Headers



        # 传递原始客户端信息
        header_up X-Real-IP {remote_host}
        header_up X-Forwarded-For {remote}
        header_up X-Forwarded-Proto {scheme}

        # 保持连接活跃（提高性能）
        transport http {
            keepalive 30s
        }
    }


    # 添加安全头部
    header {
        X-Frame-Options "DENY"
        X-Content-Type-Options "nosniff"
        Referrer-Policy "no-referrer-when-downgrade"
    }

}