Intro

In my previous post I showed how to setup OpenApi and Scalar in a Microsoft Asp Net Core Web Api. In this post I will show how to secure the OpenApi schema and Scalar browser using Microsoft Identity Web for authentication.

The OpenApi schema and Scalar browser can contain sensitive information about your API, such as the available endpoints, full documentation, request and response schemas, and authentication requirements.

Microsoft recommends OpenApi enabled only in development environments. But securing the OpenApi schema allows you to safely expose these resources in production environments as well, without risking unintended information disclosure to unauthorized users.

Prerequisites

A dotnet Asp Net Core Web Api running .NET 10.

Existing authorization setup with OAuth2 (I’m using Microsoft.Identity.Web in this guide)

Install these nuget packages:

• Scalar.AspNetCore (I used v2.12.41) (Note, alternatives like swagger-ui may also work.)
• Microsoft.AspNetCore.OpenApi (I used v10.0.3)

Setting up OpenApi and Scalar

See the guide in my previous post: Microsoft OpenApi Setup with Scalar

Authentication configuration

Assuming your website has setup authentication with Microsoft Identity Web, your setup looks something like this:

builder.Services.AddMicrosoftIdentityWebApiAuthentication(builder.Configuration)
    .EnableTokenAcquisitionToCallDownstreamApi()
    .AddDownstreamApi(
        DownstreamApiService.DownstreamApiServiceName,
        builder.Configuration.GetSection(
            $"DownstreamApis:{DownstreamApiConfig.DownstreamApiName}"
        )
    )
    .AddInMemoryTokenCaches();

// Snip ...

var app = builder.Build();
// Snip ...

app.UseAuthentication();
app.UseAuthorization();
// Snip ...

app.MapOpenApi();
app.MapScalarApiReference("/scalar", options => ...);
// Snip ...

Adding multiple Authentication Schemes

As the WebApi authentication setup is designed for APIs, it uses the JwtBearer authentication scheme by default. This is not suitable for authenticating users in the browser, as it does not support interactive login flows. To authenticate users in the browser, we need to use the OpenIdConnect authentication scheme, which is designed for web applications and supports interactive login flows. This is easily added by adding the AddMicrosoftIdentityWebAppAuthentication method to the services, which adds the OpenIdConnect authentication scheme.

First out:

Add a callbackPath to your authentication setup.

// in your appsettings.json
"AzureAd": {
  // Snip other AzureAd config
  "CallbackPath": "/signin-oidc",
}

You may have to add redirect URIs in your Azure AD app registration for the OpenIdConnect authentication to work. The redirect URI should be in the format https://<your-api-base-url>/signin-oidc.

Then add the AddMicrosoftIdentityWebAppAuthentication (NOTE: App, not Api) to your services:

builder.Services.AddMicrosoftIdentityWebApiAuthentication(
    // Snip (see above)
)

// Note: IdentityWebApp, not Api! Otherwise identical to the Api setup (You may not require downstream api setup here though, depending on your use-case)
builder.Services.AddMicrosoftIdentityWebAppAuthentication(builder.Configuration)
    .EnableTokenAcquisitionToCallDownstreamApi()
    .AddDownstreamApi(
        DownstreamApiService.DownstreamApiServiceName,
        builder.Configuration.GetSection(
            $"DownstreamApis:{DownstreamApiConfig.DownstreamApiName}"
        )
    )
    .AddInMemoryTokenCaches();

We now have two authentication schemes, one for the API and one for the Web App. The Web App scheme is used by Scalar to authenticate users in the browser, and the API scheme is used to authenticate requests to the API.

We want to use the Api authentication for most routes, so we setup a default authentication scheme:

builder.Services.AddAuthorization(options =>
{
    options.FallbackPolicy = new AuthorizationPolicyBuilder()
        .AddAuthenticationSchemes(
            OpenIdConnectDefaults.AuthenticationScheme, // Optional: Allows us to use the OpenIdConnect cookie if authenticated
            JwtBearerDefaults.AuthenticationScheme // This is the default scheme used for API authentication
        )
        .RequireAuthenticatedUser()
        .Build();
});

Now we setup the Scalar Auth Policy: This has the OpenIdConnect scheme as default, which will cause it to redirect to the Azure AD login page when authentication is required.

var scalarUiAuthenticationPolicy = new AuthorizationPolicyBuilder()
    .AddAuthenticationSchemes(
        JwtBearerDefaults.AuthenticationScheme,
        OpenIdConnectDefaults.AuthenticationScheme // Intentionally use OpenIdConnect last as it will redirect to Azure AD login page.
    )
    .AddRequirements(new DenyAnonymousAuthorizationRequirement())
    .Build();

Then we have to setup the OpenApi schema to use the Web App authentication scheme, and require the correct scopes.

Add “RequireAuthorization” to the OpenApi endpoint to require authentication for the OpenApi document itself. This uses the “default” authentication scheme, which we set to the API scheme above.

app.MapOpenApi().RequireAuthorization(scalarUiAuthenticationPolicy);

Finally we add the RequireAuthorization to the Scalar endpoint

app.MapScalarApiReference(options =>
    {
        // Snip Scalar setup (see previous post)
    })
    .RequireAuthorization(scalarUiAuthenticationPolicy);

Fin

Good!

Now you should be able to run the API locally and see that a login is required to access the OpenApi document and the Scalar UI.

End

// Nils Henrik

This post was written by a human.

In apps like VSCode when you hold ALT the Scroll Wheel on your mouse scrolls about 5 times faster.

I wanted this functionality in every app. Long websites, word documents, pdfs etc.

To achieve this I created this AutoHotKey script.

#Requires AutoHotkey v2.0

#SingleInstance Force

; Fast scrolling when Caps Lock is held down

SetCapsLockState ("AlwaysOff") ; Disable Standard Caps Lock functionality (Actual caps-lock will not work any more)

scrollSpeedMultiplier := 5 ; Scroll speed multiplier

; Define fast scroll behavior when Caps Lock is held down
CapsLock & WheelUp::
{
    Send("{WheelUp " scrollSpeedMultiplier "}")
    return
}

CapsLock & WheelDown::
{
    Send("{WheelDown " scrollSpeedMultiplier "}")
    return
}

This script totally disables the capslock, but replaces it to be a modern modifier key.

Save your file as CapsScrollSpeed.ahk and add it to your startup folder to auto enable the script on every startup. The startup folder can be found by entering entering shell:startup in the “URL” bar in Explorer.

End

Thats it for this time.

// Nils Henrik

This post was written by a human.

Prerequisites

A dotnet Web Api running .NET 10.

Existing authorization setup with OAuth2 (I’m using Microsoft.Identity.Web in this guide)

Install these nuget packages:

• Scalar.AspNetCore (I used v2.10.3)
• Microsoft.AspNetCore.OpenApi (I used v10.0.0)

Setting up OpenApi and Scalar

Following the Microsoft docs: https://learn.microsoft.com/en-us/aspnet/core/fundamentals/openapi/overview and the Scalar docs: https://guides.scalar.com/scalar/scalar-api-references/integrations/net-aspnet-core/integration

Add the OpenApi service (this registers the code to generate the OpenApi schema):

services.AddOpenApi();

And register routes to serve the generated json: Also register the Scalar api here.

if (app.Environment.IsDevelopment())
{
    app.MapOpenApi(); // Expose the openapi json
    app.MapScalarApiReference("/scalar"); // Enable Scalar on the "/scalar" route
}

You should now be able to start your API and find a OpenApi json at /openapi/v1.json and to view it visually in the /scalar route.

Configuring OAuth2

To configure OAuth2 for your API you need to do two things:

1. Alter the OpenApi schema with custom changes.
2. Setup Scalar to recognize the Authorization scheme, and configure some extra steps.

Altering the Open Api

We need to change the OpenApi initialization and add a Transformer

services.AddOpenApi(options =>
{
    options.AddDocumentTransformer<CustomOpenApiTransformer>();
});

The transformer is code to adjust the generated OpenApi schema. A short example of what a class could look like is below.

public class CustomOpenApiTransformer(IConfiguration configuration) : IOpenApiDocumentTransformer
{
    public Task TransformAsync(
        OpenApiDocument document,
        OpenApiDocumentTransformerContext context,
        CancellationToken cancellationToken
    )
    {
        document.Info = new OpenApiInfo
        {
            Title = "Echo AyelixProxyApi"
        };

        // Code from below should be placed here...
    }
}

Here we need to add two parts:

1. A SecuritySchema
2. A SecurityRequirement

SecuritySchema

The security schema describes a specific security setup.

For a dotnet api using Azure AD and OAuth2 this should be:

var authority = configuration.GetOrThrow("AzureAd:Authority"); // Learn more here https://learn.microsoft.com/en-us/entra/identity-platform/msal-client-application-configuration#authority
var audience = configuration.GetOrThrow("AzureAd:Audience"); // In this example this is the guid Client Id of the Api
var schemaKey = "OAuth2"; // This name is used as a key, and could be anything as long as you are consistent.
var scopes = new Dictionary<string, string>
{
    {
        $"{audience}/.default", // Actual Scope
        "All scopes" // Human readable description
    },
};
var securitySchemes = new Dictionary<string, IOpenApiSecurityScheme>
{
    [schemaKey] = new OpenApiSecurityScheme
    {
        Type = SecuritySchemeType.OAuth2,
        Scheme = "OAuth2",
        Flows = new OpenApiOAuthFlows
        {
            Implicit = new OpenApiOAuthFlow
            {
                AuthorizationUrl = new Uri($"{authority}/oauth2/v2.0/authorize"),
                TokenUrl = new Uri($"{authority}/oauth2/v2.0/token"),
                RefreshUrl = new Uri($"{authority}/oauth2/v2.0/token"),
                Scopes = scopes,
            },
        },
    },
};
document.Components ??= new OpenApiComponents();
document.Components.SecuritySchemes = securitySchemes;

Above we defined a schema, now we have to require this schema for the endpoints.

SecurityRequirement

A security requirement can be placed on every endpoint, or on the entire document. For our use-case we just put it on everything, and require the same scope for all endpoints. This could be adjusted according to your api design.

var securityRequirement = new OpenApiSecurityRequirement
{
    [new OpenApiSecuritySchemeReference(schemaKey, document)] = [..scopes.Keys],
};

document.Security = [securityRequirement];

Thats all. Insert this code in the TransformAsync method.

You now have the setup and your openapi.json file should have all the required mapping.

Setup Scalar

Finally we need to configure Scalar with the expected ClientId to use for the Web frontend.

app.MapScalarApiReference("/scalar", options =>
{
    options
        .AddPreferredSecuritySchemes("OAuth2") // This is the schemaKey from above
        .AddImplicitFlow(
            "OAuth2", // Again: schemaKey
            flow =>
            {
                flow.ClientId = builder.Configuration.GetOrThrow("Scalar:OAuthClientId"); // The ClientId to use. Can usually be `AzureAd:ClientId`
                var audience = builder.Configuration.GetOrThrow("AzureAd:Audience");
                flow.SelectedScopes = [$"{audience}/.default"]; // Same scopes as defined in the OpenApi transformer!
            }
        )
});

You may need to add a redirect Uri to your configuration now. By default the redirect Url should be http://localhost/scalar (Redirect uris to localhost do not have to include the port)

That’s all!

You can now browse and authenticate to your API in a quick little local setup!

End

// Nils Henrik

This post was written by a human.

The cause seems to have been the bluetooth adapter, as disabling the bluetooth before sleeping avoided the issue. You should test if disabling bluetooth manually fixes sleep resume for you. If disabling bluetooth actually fixes sleep this guide should help!

The guide was used on Bluefin 42.20250928.1 with the kernel version Linux 6.15.10-200.fc42.x86_64. I believe the guide should be compatible with all universal-blue variants if needed.

A fix on the net was suggested to disable the bluetooth on sleep, and re-enable on resume. As I’m not that familiar with the systemd services I have documented the exact steps to follow below. (Suggested here https://www.reddit.com/r/Fedora/comments/1g7ke8e/comment/ly84xrf/)

The commands and paths needed for me were:

sudo nano /etc/systemd/system/bt-sleep-fix.service

This opens the nano text editor.

In there paste this file:

[Unit]
Description=Disable Bluetooth before going to sleep
Before=sleep.target
StopWhenUnneeded=yes

[Service]
Type=oneshot
RemainAfterExit=yes

ExecStart=/usr/sbin/rfkill block bluetooth
ExecStop=/usr/sbin/rfkill unblock bluetooth

[Install]
WantedBy=sleep.target

Save the file as bt-sleep-fix.service

Apply chmod 644 to it (makes the file readable by all users on the system)

sudo chmod 644 /etc/systemd/system/bt-sleep-fix.service

Now we need to register the service with systemd:

systemctl start bt-sleep-fix.service
systemctl enable bt-sleep-fix.service

This should now enable and disable the bluetooth adapter automatically on sleep and resume. This avoids the crash on resume for me! Nice!

End

Thats it! I hope this guide helps you get your system resuming from sleep, while keeping bluetooth capabilities!

// Nils Henrik

However, these classic games are not officially compatible with modern systems like Windows 10 and 11 and MacOS, leaving fans longing for a way to relive their childhood memories on secure, up-to-date PCs.

This post will guide you step-by-step through the process of running Flåklypa Grand Prix Gullutgave on both macOS and modern Windows systems. Please note, you’ll need to own the original Flåklypa Grand Prix Gullutgave CDs and a USB CD drive.

Let’s dive into the setup process so you can rediscover the nostalgic magic of Flåklypa Grand Prix!

Mac Setup Guide (Using Whisky on macOS)

Follow these steps to install and run Flåklypa Grand Prix Gullutgave on a Mac (M1+) using Wine with Whisky.

1. Prepare the Game Files

1. Insert your original Flåklypa Gullutgave CDs into a USB CD drive.
2. Copy all files from the CDs to two folders on your Mac. Ensure the folders are organized as follows:
   • DISC_1/: Files from the white CD.
   • DISC_2/: Files from the second CD.

2. Download Required Files

1. Update Patch 12:

   • Download the FGPGOLD_UPD12.exe update patch from this site: FlåklypaFix.

2. NO-CD Patch:

   • Download a NO-CD patch for Flåklypa Gullutgave 12. One example is hosted on the Internet Archive: NO-CD Patch.
   • Extract the file and place the FGP.exe into a folder named no-cd/.

3. dgVoodoo2 Compatibility Fix:

   • Download version 2.79.x of dgVoodoo2 from this repository or from this Lutris release page.
   • Extract the files and copy dgVoodoo.conf, ddraw.dll, and d3dimm.dll from the /MS/x86/ folder into a new folder named compability-fix/.

3. Install Whisky

1. Download and install Whisky from getwhisky.app.

   • This guide is tested on Whisky version v2.3.4.

2. Open Whisky and create a new “Bottle”:

   • Set the Windows version to Windows XP.
   • Wait a moment for the image to load (this may take up to a minute).

4. Configure the Bottle

1. Open the Bottle settings and click Winetricks…:

   • Go to the DLLs tab.
   • Find dsound and click Run to install it.

2. Configure Wine:

   • Click Bottle Configuration → Open Wine Configuration.
   • Go to the Libraries tab and add the following overrides:
     • security
     • ddraw (Ignore the performance warning.)
     • d3dimm
   • Press OK to save the settings.

3. Enable DXVK:

   • Go back to Bottle Configuration and enable DXVK.

5. Prepare the Game Files in the Bottle

1. Open the Bottle’s C Drive:
   • Click Open C Drive in the Bottle Configuration.
   • Copy the following folders into the C:/ directory of the Bottle:
     • DISC_1/
     • DISC_2/
     • patch12/ (containing FGPGOLD_UPD12.exe)
     • no-cd/ (containing the NO-CD patched FGP.exe)
     • compability-fix/ (containing dgVoodoo.conf, ddraw.dll, d3dimm.dll).

6. Install the Game

1. Run the installer:
   • In Whisky, click Run… and navigate to C:/DISC_1/setup.exe.
   • Follow the installation steps, leaving all settings at their default values.
   • Important: Do not start the game when the installation finishes.

7. Apply Update Patch 12

1. Run the patch installer:
   • Click Run… again and navigate to C:/patch12/FGPGOLD_UPD12.exe.
   • Follow the installation steps. Do not start the game when finished.

8. Apply the NO-CD Patch

1. Replace the game executable:
   • Navigate to the game installation folder: C:/Program Files (x86)/Flåklypa Grand Prix/.
   • Copy the FGP.exe file from the no-cd/ folder and replace the existing FGP.exe file in the game folder.

9. Apply Compatibility Fixes

1. Copy dgVoodoo2 files:
   • Copy dgVoodoo.conf, ddraw.dll, and d3dimm.dll from the compability-fix/ folder into the game installation folder (C:/Program Files (x86)/Flåklypa Grand Prix/).
   • Ensure these files are in the same folder as FGP.exe (not in subfolders).

10. Pin the Game in Whisky

1. Pin the game executable:

   • Go to the Bottle settings and click Pin Program.
   • Set the name to Flåklypa.
   • Locate and select the game executable: C:/Program Files (x86)/Flåklypa Grand Prix/FGP.exe.

2. Start the game:

   • Press the Play button in Whisky (green triangle).
   • If the game does not start, right-click the pinned program and select Run….

Known Issues on Mac

1. Animations may fail to load:

   • If animations freeze, press Space to skip them, and then restart the animation.

2. Helicopter game freezes:

   • The helicopter mini-game may experience periodic freezes. Unfortunately, there is no known fix for this.

The game should now be running!™️ Relive the nostalgic adventure of Flåklypa Grand Prix Gullutgave.

Windows 10 and 11 Setup Guide

This guide outlines the process to install and run Flåklypa Grand Prix Gullutgave on modern Windows systems (Windows 10 and 11).

1. Prepare the Game Files

1. Insert your original Flåklypa Gullutgave CDs into a USB CD-drive.
2. Copy all files from the CDs to two folders on your PC:
   • DISC_1/: Copy files from the first (white) CD.
   • DISC_2/: Copy files from the second CD.

2. Download Required Files

1. Update Patch 12:

   • Download the FGPGOLD_UPD12.exe update patch from this site: FlåklypaFix.

2. NO-CD Patch:

   • Download a NO-CD patch for Flåklypa Gullutgave 12. One example is hosted on the Internet Archive: NO-CD Patch. Unzip the file and copy the FGP.exe file to a new folder named no-cd/.

3. dgVoodoo2 Compatibility Fix:

   • Download version 2.79.x of dgVoodoo2 from https://github.com/legluondunet/mlls-tools/blob/master/dgVoodoo2/dgVoodoo2_79_3.zip
   • Extract the files and copy dgVoodoo.conffrom the folder, and ddraw.dll, and d3dimm.dll from the /MS/x86/ folder to a new folder named compability-fix/.

3. Install the Game

1. Run the setup.exe from DISC_1/:
   • Navigate to DISC_1/setup.exe and double-click to start the installer.
   • Follow the installation steps, leaving all settings at their default values.
   • Important: Do not start the game when the installation finishes.

4. Apply Update Patch 12

1. Run the patch installer:
   • Navigate to the location where you downloaded the patch (FGPGOLD_UPD12.exe) and double-click to run it.
   • Follow the installation steps. Do not start the game when finished.

5. Apply the NO-CD Patch

1. Replace the game executable:
   • Navigate to the game installation folder (default is C:/Program Files (x86)/Flåklypa Grand Prix/).
   • Copy the FGP.exe file from the no-cd/ folder and paste it into the game installation directory. Replace the existing FGP.exe file when prompted.

6. Apply Compatibility Fixes

1. Copy dgVoodoo2 files:
   • Copy dgVoodoo.conf, ddraw.dll, and d3dimm.dll from the compability-fix/ folder into the game installation folder (C:/Program Files (x86)/Flåklypa Grand Prix/).

7. Compatibility Settings (If Needed)

If the game does not run after completing the steps above, try the following:

1. Locate the FGP.exe file in the installation folder.
2. Right-click on FGP.exe and select Properties.
3. Go to the Compatibility tab and:
   • Check Run this program in compatibility mode for: and select Windows XP (Service Pack 3).
   • Check Reduce color mode and set it to 16-bit (65536) color.
4. Click Apply and OK.

8. Start the Game

1. Open the Windows Start Menu.
2. Search for Flåklypa Grand Prix and launch the game from the shortcut.

Troubleshooting

• If the game still does not start, navigate to C:/Program Files (x86)/Flåklypa Grand Prix/, right-click FGP.exe, and select Run as Administrator.
• Some graphics issues may occur depending on your hardware, but the dgVoodoo2 wrapper should resolve most compatibility problems.

Enjoy!

Everything should now be working!™️ Enjoy the nostalgia of Flåklypa Grand Prix Gullutgave.

Why does the game work now?

Flåklypa is an old game that relies on DirectX 8 and Direct Draw. The game relies on some graphics driver quirks.

DirectX 8 and DirectDraw is not implemented the same in newer windows, so some older function have been removed. We use a genious wrapper called dgVoodoo2 that in practice re-implements the old features for newer Windows versions. Performance may not equal the original setup, but we get it working!

Additionally we have a NO-CD FGP.exe that removes the need for a CD-key. The latest FGP patch required a key you could get from the flåklypa website, but this site has not been available for many years.

Bonus Cheat Codes

As these seem to be lost in time I write the cheat codes here. Cheat codes was a thing used in the ancient times before you paid to unlock everything in games.

Just type the cheat-code anywhere in the games menus to unlock various things. If the cheat is typed correctly there will be a sound and sometimes a popup window.

• NOMORETWEAKS: Unlock all games, scenes and activities
• CVG Unlock all activities
• ASSISTANCE: Unlock all games
• BEDTIMESTORY Unlock all story pages in the photo-book
• SHOWMEHEAVEN: Unlock a single puzzle image
• BLOWMEAWAY: Unlock a single new film
• NOMOREDISHES: Receive 3 pieces for the Il Tempo Gigante
• GIMMETRACKS: Unlock new Tracks for the races
• HOTWHEELS: Unlock new cars for the races
• ZOOMIN: Zoom in towards the cursor?
• ZOOMOUT: Zoom back to normal zoom.

End

Thats it! I hope this guide helps you get the game working.

I used the compression to compress a uncompressed 360MB 4k skybox into a 0.5MB(!) file (using a very sparse space-skybox)

The ktx docs are complex to read and short on examples. I offer my solution here if anyone else needs to convert a cubemap to a basisu compressed ktx2 cubemap.

First install the ktx tools. I use windows and downloaded the installer from the “Releases” page on GitHub: Link (I used v4.3.2)

The below command was all I needed. (You may have to scroll right to see the whole command, or just copy everything.)

# ktx v4.3.2
ktx create --format R8G8B8_SRGB --encode basis-lz --cubemap ./right.png ./left.png ./top.png ./bottom.png ./front.png ./back.png output.ktx2

Breakdown of the command:

• ktx create: This is the command to create a new KTX file.
• --format R8G8B8_SRGB: This specifies the format of the images. R8G8B8_SRGB means the images are in 8-bit RGB format with sRGB color space. (This is probably what you want.)
• --encode basis-lz: This specifies the encoding and compression method to use, in this case, basis-lz for Basis Universal ETC1S compression. (You may also try uastc for higher visual quality if needed)
• --cubemap: This flag indicates that the images are to be used as a cubemap.
• ./right.png ./left.png ./top.png ./bottom.png ./front.png ./back.png: These are the input images for the cubemap, representing the six faces of the cube as inputs.
• output.ktx2: The last parameter is the name of the output KTX2 file.

You may want to decide which encoding you want to use, check the docs for variants.

Thats all for this time.

Note: If you have HDR images this is not yet supported as of writing. But it seems like UASTC HDR support should be coming.

// Nils Henrik

The post expects that you have a caddy server running with a basic Caddyfile, and will help you configure the SPA and https backend configuration.

Single Page Apps and Backend APIs

Most Single Page Apps rely on a backend API, and sometimes that API is hosted on a different server. If your backend is secured, you might need to send Authorization headers, and the backend server will need to support Cross-Origin Resource Sharing (CORS) headers.

CORS requests involve an additional roundtrip to the server, which can double the request time and increase latency when using your app.

By setting up a reverse proxy, you can “hide” the fact that your backend is hosted on a separate server, improving performance and simplifying your architecture.

A Common Setup

A typical reverse proxy setup might look like this:

/index.html: This is retrieved directly from Server A 🟢.

/backend/api/posts: This request is forwarded by Server A to Server B🔵’s /api/posts route. (Server A then sends the response back to the browser).

In this setup, the browser doesn’t know that it’s actually communicating with a backend hosted on another domain. The browser does not require CORS pre-requests, and its easier to secure your API and website. 😎

What is Caddy?

Caddy is a powerful web server designed to handle a variety of tasks, including serving as a reverse proxy. It’s simple to configure, flexible, and well-suited for modern web applications like SPAs. Caddy fills the same role as other servers such as nginx or traefik.

Setting Up Caddy as a Reverse Proxy for SPA

Here’s a basic Caddyfile to configure Caddy as a reverse proxy for an SPA:

# This file was tested with Caddy v2.9

# Basic reverse proxy setup
yourdomain.example.com {

  # IMPORTANT: `handle_path` automatically "replaces" the route when forwarding.
  # Example: /backend/api/blog/posts will be forwarded to /api/blog/posts.
  # If you don't want this replacement behavior, use `handle` instead.
  handle_path /backend/* {
    reverse_proxy {
      to your_backend_url:8000
      # If your backend is HTTPS, see the example below for additional configuration.
    }
  }

  # This is the basic SPA hosting setup
  handle {
    # Root: We assume the SPA files are located in the /srv directory.
    root * /srv
    # `try_files` will fall back to the index if no matching files are found.
    try_files {path} /index.html

    # file_server will serve static files from the root path.
    file_server
  }
}

Modifying for External HTTPS Backends

If your reverse proxy is forwarding requests to an external server hosted on HTTPS, you’ll need to make a small modification to handle this correctly. Specifically, you need to adjust the Host header.

Here’s how to modify your Caddyfile for this scenario:

handle_path /backend/* {
  reverse_proxy {
    to https://your_backend_url.example.com
    # If the target server is external and hosted over HTTPS,
    # you need to modify the `Host` header to match the target server's host.
    header_up Host {http.reverse_proxy.upstream.hostport}
    # This ensures the correct Host header is sent for HTTPS requests.
  }
}

This configuration forwards requests to an external server securely, ensuring proper handling of the Host header for HTTPS connections.

Note: The guide was written with Caddy 2.9 in mind at the end of 2024, and may be outdated when you read this. Please check with the official docs if anything does not work as expected. https://caddyserver.com/docs/caddyfile/patterns#single-page-apps-spas

Conclusion

That’s all you need to set up a reverse proxy with Caddy to host an SPA! If you’re interested in learning how to run Caddy with Docker, stay tuned for a future post on that topic.

For more detailed documentation, visit the official Caddy docs: https://caddyserver.com/docs

// Nils Henrik

If I had a dedicated underscore key on my keyboard it would be a lot easier to cope with.

There are some guides that suggest AutoHotKey remapping a key, but I did not have the opportunity to install AutoHotKey on my work computer.

But the Windows PowerToys package from Microsoft is allowed on my PC, and that has a built in Keyboard Manager.

In PowerToys you are able to remap Shortcuts:

By using the remap functionality you can easily add remaps for singular apps so they do not get in the way for shortcuts in other apps!

This way I added the shortcut Shift-Space to write _ instead of doing nothing in Godot Engine! I just need one hand to write a underscore now. Finally I can write Python or GDScript without annoyances!

In the future I might consider remapping CAPS_LOCK as a dedicated underscore key, as that makes it just a single key-press for an underscore. Making it just as easy to write snake_case as camelCase!

Thats it for this time. Hope this helps someone out!

// Nils Henrik

To introduce the problem: Git uses case-sensitive branches, but stores the branches in a file system on disk. If the filesystem is not case sensitive this will cause problems with git.

For example: Given two branches: feature/cool-feature and Feature/awesome-button. If a Windows user tries to checkout both these branches git will complain that the second branch is not found. (See StackOverflow discussion. You may find it with another casing, but that will then again fail on GitHub when pushing changes! The best way to avoid this (without fixing git itself…) is to enforce lower case branch names.

Note: I suggest enforcing this only if all existing GitHub branches are lower case. Try to adjust the regex to your naming standard if its different from the one suggested in this post.

To enforce lower case branch names in GitHub we can use a repository setting called Code and automation -> Rules -> Rulesets

By creating a ruleset, we can mandate that branch names be lowercase.

1. Go to your repo. Find the Settings. Find the Rulesets menu item.
2. Create a ruleset:
   1. Name the ruleset: Avoid git case-sensitivity issues by enforcing lowercase branch names
   2. Target all branches.
   3. Enable the “Restrict branch names” rule
   4. Create a restriction for the branch name:
      1. Branch name rule
      2. Must NOT match the following regex
      3. (?-i)([A-Z])(Branch name must be fully lower case)*
         • The (?-i) part is crucial as it disables case-insensitive matching for the following pattern!
         • Also note the Optional description (Branch name must be fully lower case)*. This helps give a message to the user of what is wrong. (Standard error message displayed in git cli is remote: - Branch name must not match a given regex pattern: (?-i)[A-Z], so adding the description into the regex helps indicate whats wrong)
      4. Description Branch name must be fully lowercase (This description is not available in the git terminal, so not sure where its used)
3. Press Save Changes button and test this in your repo

When pushing a branch with a upper-case letter the client will get an error message that’s descriptive enough to pinpoint the problem! This avoids them from pushing the branch, and affecting other users.

Thats it for this time, I hope this helps avoid the branch name case sensitivity issue for you. I’ts also my hope that git or GitHub at some point will fix the issue for all users.

Please vote for my feature suggestion on GitHub if you’d like GitHub to provide a better fix: https://github.com/orgs/community/discussions/20518

// Nils Henrik

The Url Build Trigger plugin by JetBrains works ok. But it by default polls the target url every 30 seconds for every build configuration.

There’s no configuration options in the UI, no source code, and no documentation. But the plugin is licensed with Apache license, so I de-compiled the JAR file for the plugin and found this setting:

String pollInterval = context.getBuildType().getParameterValue("teamcity.internal.url.build.trigger.poll.interval");

Adding the following to the teamcity internal.properties file you can set the polling interval to 10 minutes (or any whole second interval)!:

# Set the "Url build trigger" plugins polling interval to 10 minutes
url.build.trigger.poll.interval=600

It will now wait 600 seconds instead of 30! Cool 😎

That’s it for this time!

// Nils Henrik