From 7285343d640a5b7ae91ab4bf1788d32fb0718630 Mon Sep 17 00:00:00 2001
From: SCHAUAUS GmbH <schauausgmbh@noreply.aaskablackwolf.servehttp.com>
Date: Sat, 4 Apr 2026 11:39:38 +0000
Subject: [PATCH] =?UTF-8?q?conf/tresor.conf=20hinzugef=C3=BCgt?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 conf/tresor.conf | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 conf/tresor.conf

diff --git a/conf/tresor.conf b/conf/tresor.conf
new file mode 100644
index 0000000..f254357
--- /dev/null
+++ b/conf/tresor.conf
@@ -0,0 +1,35 @@
+# Caddyfile for DigiErbe Tresor
+tresor.example.com {
+  #PHP
+  php_fastcgi unix//run/php/php-fpm.sock
+
+  # Root directory
+  root * /Pfad/Zu/DigiErbe/Tresor/public
+
+  # Authentication
+  basic_auth / {
+    username $2a$14$SetHashedPasswordHere
+  }
+
+  # Activate file server in Caddy
+  file_server
+
+  # Redirect all requests to index.php
+  try_files {path} /index.php
+
+  # Security headers
+  header {
+    -Server
+    X-Content-Type-Options "nosniff"
+    X-Frame-Options "DENY"
+    X-XSS-Protection "1; mode=block"
+  }
+
+  # Add authenticated username as HTTP Header to the request
+  header_down +X-WEBAUTH-USER {http.auth.user.id}
+
+  # Protokoll
+  log {
+    output file /var/log/caddy/DigiErbe/tresor.log
+  }
+}
\ No newline at end of file