HTTPS & Reverse Proxy
Lyftr’s container serves plain HTTP on a host port. To expose it publicly — and to use the mobile app, which needs a real hostname — put it behind a reverse proxy that terminates HTTPS.
Caddy (easiest — automatic HTTPS)
Section titled “Caddy (easiest — automatic HTTPS)”Caddy fetches and renews Let’s Encrypt certificates for you. A one-line
Caddyfile:
lyftr.example.com { reverse_proxy localhost:8080}Then reload Caddy. That’s it — HTTPS is live and auto-renewing.
nginx + Certbot
Section titled “nginx + Certbot”server { server_name lyftr.example.com;
location / { proxy_pass http://localhost:8080; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; }}Then issue a certificate with Certbot:
sudo certbot --nginx -d lyftr.example.comPoint Lyftr at your public origin
Section titled “Point Lyftr at your public origin”After the proxy is up, set CORS_ORIGIN to your HTTPS URL so browser and mobile clients are
allowed, and restart:
# in .envCORS_ORIGIN=https://lyftr.example.comdocker compose up -dSee Configuration for the full list of variables, and the Mobile App page for pointing the phone app at your new HTTPS server.