caddy with replace/response

caddy/Caddyfile

@@ -104,26 +104,40 @@ gregknoppcpa.bayarea-cc.com {
 iitwelders.bayarea-cc.com {
   encode zstd gzip
 
+  # Reverse-Proxy auf das geogeblockte Ziel
   reverse_proxy https://iitwelders.com {
-    # Wichtig: als Host explizit die Apex-Domain setzen,
-    # damit der Upstream NICHT auf iitwelders.com umleitet.
+    # Origin-Host/SNI korrekt setzen, damit kein Redirect mehr zurück kommt
     header_up Host iitwelders.com
-
-    # Übliche Forwarded-Header
     header_up X-Forwarded-Host {host}
     header_up X-Forwarded-Proto {scheme}
     header_up X-Forwarded-For {remote_host}
+    header_up Accept-Encoding identity
 
-    # TLS SNI passend zum Upstream-Host
     transport http {
       tls_server_name iitwelders.com
     }
 
-    # Falls der Upstream Probleme mit komprimierten Requests hat:
-    header_up Accept-Encoding identity
+    # Falls der Origin doch mal absolute Redirects schickt:
+    # Location-Header auf Proxy-Domain mappen (einfacher Standardfall)
+    header_down Location https://iitwelders.bayarea-cc.com{uri}
   }
 
-  # Optional: einfache Health-Route
+  # --- Body-Rewriting: harte Links im HTML/CSS/JS umbiegen ---
+  # HTML
+  @html header Content-Type text/html*
+  replace_response @html {
+    s "https://iitwelders.com" "https://iitwelders.bayarea-cc.com"
+    s "//iitwelders.com" "//iitwelders.bayarea-cc.com"
+  }
+
+  # CSS/JS/JSON (falls dort absolute URLs vorkommen)
+  @assets header Content-Type text/css* text/javascript* application/javascript* application/json*
+  replace_response @assets {
+    s "https://iitwelders.com" "https://iitwelders.bayarea-cc.com"
+    s "//iitwelders.com" "//iitwelders.bayarea-cc.com"
+  }
+
+  # Healthcheck (optional)
   @health path /_health
   respond @health "ok" 200
 }