Updated README/fixed #3

README.md

@@ -16,6 +16,8 @@ MiauInv is a secure, light-weight inventory, stock, and project allocation track
     * [Prerequisites](#prerequisites)
     * [Option 1: Native Local Deployment](#option-1-native-local-deployment)
     * [Option 2: Docker Deployment (Recommended)](#option-2-docker-deployment-recommended)
+* [Reverse Proxy Integration with Caddy](#reverse-proxy-integration-with-caddy)
+* [Images](#images)
 
 ## Technical Specifications
 
@@ -130,7 +132,6 @@ mkdir -p appdata
 
 # Generate self-signed certificate and private key
 openssl req -x509 -newkey rsa:4096 -keyout appdata/key.pem -out appdata/cert.pem -sha256 -days 365 -nodes
-
 ```
 
 ### Option 1: Native Local Deployment
@@ -142,7 +143,6 @@ openssl req -x509 -newkey rsa:4096 -keyout appdata/key.pem -out appdata/cert.pem
 export JWT_SECRET="your_minimum_thirty_two_char_secret_key_here"
 go build -o miauinv main.go
 ./miauinv
-
 ```
 
 ---
@@ -167,7 +167,6 @@ services:
       - JWT_SECRET=SECURE_RANDOM_STRING # Must be at least 32 characters long
     volumes:
       - ./appdata:/appdata # To edit your configuration files
-
 ```
 
 #### 2. Execution Commands
@@ -183,7 +182,74 @@ docker-compose ps
 
 # Monitor execution system logs
 docker-compose logs -f
-
 ```
 
-Once running successfully via Docker orchestration loops, navigate your web browser context safely to `https://localhost:8080` to interact with your MiauInv control panel workspace.
+Once running successfully via Docker orchestration loops, navigate your web browser context safely to `https://localhost:8080` to interact with your MiauInv control panel workspace.
+
+## Reverse Proxy Integration with Caddy
+
+If you deploy MiauInv behind a global Caddy server, Caddy must act as an HTTPS reverse proxy. Since the MiauInv binary enforces native TLS transport, Caddy needs to be configured to establish a secure backend connection and bypass verification for self-signed backend certificates.
+
+### 1. Docker Compose Network Configuration
+Ensure your MiauInv container shares an external network with your Caddy container (e.g., a network named `proxy`). The container does not need to expose public ports since Caddy communicates with it internally over port `8080`.
+
+```yaml
+services:
+  miauinv:
+    image: git.miaurizius.de/miaurizius/miauinv:latest
+    container_name: MiauInv
+    restart: unless-stopped
+    networks:
+      - proxy
+    environment:
+      - JWT_SECRET=SECURE_RANDOM_STRING
+    volumes:
+      - ./appdata:/appdata
+
+networks:
+  proxy:
+    external: true
+```
+
+### 2. Caddyfile Configuration
+
+Add the following block to your server's `Caddyfile`. The `https://` prefix forces Caddy to use TLS for the backend connection, and `tls_insecure_skip_verify` allows the proxy to accept the internal self-signed certificate generated during the prerequisites step.
+
+```caddy
+inv.yourdomain.com {
+        encode zstd gzip
+
+        reverse_proxy https://miauinv:8080 {
+                transport http {
+                        tls_insecure_skip_verify
+                }
+        }
+
+        header {
+                X-Content-Type-Options nosniff
+                Referrer-Policy strict-origin-when-cross-origin
+                Strict-Transport-Security "max-age=31536000; includeSubDomains"
+        }
+}
+```
+
+### 3. Apply Configuration
+
+Reload your Caddy instance to apply the reverse proxy routing rules:
+
+```bash
+docker compose exec -w /etc/caddy caddy caddy reload
+```
+
+## Images
+#### Dashboard
+<img src="docs/img/dashboard.png">
+
+#### Inventory
+<img src="docs/img/inventory.png">
+
+#### Locations
+<img src="docs/img/locations.png">
+
+#### Projects
+<img src="docs/img/projects.png">