first commit

examples/website/Caddyfile

@@ -0,0 +1,52 @@
+:8080 {
+    # Serve from dist directory
+    root * dist
+    file_server
+
+    # Enable Gzip compression (Brotli requires custom Caddy build)
+    encode gzip
+
+    # Cache static assets aggressively
+    @static {
+        path *.wasm *.js *.css *.png *.jpg *.jpeg *.gif *.svg *.ico *.woff *.woff2
+    }
+    header @static Cache-Control "public, max-age=31536000, immutable"
+
+    # Cache HTML with shorter duration
+    @html {
+        path *.html /
+    }
+    header @html Cache-Control "public, max-age=3600"
+
+    # Security headers
+    header {
+        # Enable HTTPS redirect in production
+        Strict-Transport-Security "max-age=31536000; includeSubDomains"
+        
+        # Prevent XSS attacks
+        X-Content-Type-Options "nosniff"
+        X-Frame-Options "DENY"
+        X-XSS-Protection "1; mode=block"
+        
+        # Content Security Policy for WASM
+        Content-Security-Policy "default-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net; font-src 'self' https://cdn.jsdelivr.net; connect-src *; img-src 'self' data: https:;"
+        
+        # Referrer policy
+        Referrer-Policy "strict-origin-when-cross-origin"
+    }
+
+    # WASM MIME type
+    @wasm {
+        path *.wasm
+    }
+    header @wasm Content-Type "application/wasm"
+
+    # Handle SPA routing - serve index.html for non-file requests
+    try_files {path} /index.html
+
+    # Logging
+    log {
+        output stdout
+        format console
+    }
+}