Experimental: migrate frontend webserver to Caddy

Containerfile-frontend

@@ -15,19 +15,16 @@ RUN     apk add --no-cache \
 # Install system dependencies
 RUN     apk update && \
         apk add --no-cache \
-            nginx
+            caddy
 
 # Configure directory permissions
-RUN     chown -R nginx /var/log/nginx && \
-        rm -rf /var/www/localhost && \
-        chown nginx /var/www
+RUN     mkdir /var/www && \
+        chown caddy /var/www
 
-COPY static/frontend/nginx.conf /etc/nginx/nginx.conf
-COPY static/frontend/common.conf /etc/nginx/common.conf
-COPY static/frontend/conf.d/default.conf /etc/nginx/conf.d/default.conf
+COPY static/frontend/Caddyfile /etc/caddy/Caddyfile
 
 # Install application dependencies (unprivileged)
-USER nginx
+USER caddy
 WORKDIR /var/www
 
 # Extract application release package
@@ -51,8 +48,10 @@ RUN     apk del \
             wget \
             yarn
 
+VOLUME ["/var/lib/caddy"]
+
 EXPOSE 8080
 
-USER nginx
+USER caddy
 
-CMD ["nginx", "-g", "daemon off;"]
+CMD ["caddy", "run", "--config", "/etc/caddy/Caddyfile"]

static/frontend/Caddyfile

@@ -0,0 +1,30 @@
+{
+	admin off
+	http_port 8080
+	https_port 8443
+
+	# Do not add the webserver's local certificate authority to the container's trust store
+	skip_install_trust
+}
+
+localhost {
+	# Issue self-signed certificates on-demand from local certificate authority
+	tls {
+		issuer internal
+		on_demand
+	}
+
+	# Serve static file content
+	file_server
+	root * /var/www/public
+
+	# Fallback to PHP handling for missing files
+	try_files {path} /index.php?{query}
+
+	# Proxy PHP requests to the backend service
+	@php path *.php
+	php_fastcgi @php backend:9000
+
+	# Enable gzip compression
+	encode gzip
+}