Skip to content

HTTPS & Reverse Proxy

Lyftr’s container serves plain HTTP on a host port. To expose it publicly — and to use the mobile app, which needs a real hostname — put it behind a reverse proxy that terminates HTTPS.

Caddy fetches and renews Let’s Encrypt certificates for you. A one-line Caddyfile:

lyftr.example.com {
reverse_proxy localhost:8080
}

Then reload Caddy. That’s it — HTTPS is live and auto-renewing.

server {
server_name lyftr.example.com;
location / {
proxy_pass http://localhost:8080;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}

Then issue a certificate with Certbot:

Terminal window
sudo certbot --nginx -d lyftr.example.com

After the proxy is up, set CORS_ORIGIN to your HTTPS URL so browser and mobile clients are allowed, and restart:

Terminal window
# in .env
CORS_ORIGIN=https://lyftr.example.com
Terminal window
docker compose up -d

See Configuration for the full list of variables, and the Mobile App page for pointing the phone app at your new HTTPS server.