Use Caddy to serve localhost HTTPS

Caddyfile

@@ -0,0 +1,24 @@
+# Caddy v2 configuration for local development (HTTPS on localhost)
+# Reverse-proxy to the bot service and serve static assets.
+# Uses Caddy's internal CA to generate a self-signed certificate for localhost.
+
+# HTTP -> HTTPS redirect for local development
+:80 {
+	redir https://localhost{uri}
+}
+
+# Local HTTPS site with self-signed cert
+localhost {
+	encode zstd gzip
+	# Issue a locally-trusted certificate via Caddy's internal CA
+	tls internal
+
+	# Serve static files under /static from the mounted volume
+	handle_path /static* {
+		root * /var/www/reminder-rs/static
+		file_server
+	}
+
+	# Proxy everything else to the bot service inside the Docker network
+	reverse_proxy bot:18920
+}

compose.yaml

@@ -39,5 +39,21 @@ services:
         ports:
             - "18920:18920"
 
+    proxy:
+        image: caddy:2.4.6-alpine
+        restart: always
+        depends_on:
+            - bot
+        ports:
+            - "80:80"
+            - "443:443"
+        volumes:
+            - ./Caddyfile:/etc/caddy/Caddyfile:ro
+            - ./static:/var/www/reminder-rs/static:ro
+            - caddy_data:/data
+            - caddy_config:/config
+
 volumes:
     reminders:
+    caddy_data:
+    caddy_config: