diff --git a/passman-dev/Caddyfile b/passman-dev/Caddyfile
new file mode 100644
index 0000000..acccbd7
--- /dev/null
+++ b/passman-dev/Caddyfile
@@ -0,0 +1,19 @@
+# HTTP site: redirect everything to HTTPS
+http://localhost {
+ redir https://{host}{uri} permanent
+}
+
+# HTTPS site
+https://localhost {
+ reverse_proxy web:80
+ tls internal
+
+ # Optional: security headers (defense-in-depth)
+ header {
+ X-Content-Type-Options "nosniff"
+ X-Frame-Options "DENY"
+ Referrer-Policy "no-referrer"
+ }
+}
+
+
diff --git a/passman-dev/docker-compose.yml b/passman-dev/docker-compose.yml
index 440f18b..978b559 100644
--- a/passman-dev/docker-compose.yml
+++ b/passman-dev/docker-compose.yml
@@ -2,8 +2,8 @@
services:
web:
build: .
- ports:
- - "80:80"
+ # ports:
+ # - "80:80"
volumes:
- ./php:/var/www/html
environment:
@@ -14,6 +14,18 @@ services:
depends_on:
- db
+ proxy:
+ image: caddy:2
+ ports:
+ - "80:80"
+ - "443:443"
+ volumes:
+ - ./Caddyfile:/etc/caddy/Caddyfile:ro
+ - caddy_data:/data
+ - caddy_config:/config
+ depends_on:
+ - web
+
db:
image: mariadb:11
container_name: passman_db
@@ -30,4 +42,6 @@ services:
volumes:
dbdata:
+ caddy_data:
+ caddy_config:
diff --git a/passman-dev/php/passman/index.html b/passman-dev/php/passman/index.html
index af9a7e3..e374e71 100644
--- a/passman-dev/php/passman/index.html
+++ b/passman-dev/php/passman/index.html
@@ -15,23 +15,23 @@
@@ -41,18 +41,18 @@
Hacker's side (for using stealing cookies using XSS):
- http://localhost/passman/xss
+ passman/xss