Caddyfile

:4173 {
  encode gzip
  root * /usr/share/caddy

  route {
    try_files {path} /index.html
    file_server browse
  }

  handle_path /api/* {
    rewrite * /api{uri}
		reverse_proxy :3000
	}

  header /service-worker.js {
    Cache-Control max-age=0, no-cache, no-store, must-revalidate
  }

  header {
    -Server
    Content-Security-Policy default-src 'self'; base-uri 'self'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self'; img-src 'self' data:; object-src 'none'; script-src 'self'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests
    Cross-Origin-Opener-Policy same-origin
    Cross-Origin-Resource-Policy same-origin
    Origin-Agent-Cluster ?1
    Referrer-Policy no-referrer
    Strict-Transport-Security max-age=15552000; includeSubDomains
    X-Content-Type-Options nosniff
    X-DNS-Prefetch-Control off
    X-Download-Options noopen
    X-Frame-Options SAMEORIGIN
    X-Permitted-Cross-Domain-Policies none
    -X-Powered-By
    X-XSS-Protection 0
  }
}