This is interesting to me. I’d also like some sort of authorization level in front of this. So essentially I’d have only authorized users to my app that can request a URL path inside my app domain and be transparently proxied to the content on a private DO spaces.
Perhaps I would have my app send back an X-Accel-Redirect header and then caddy would know how to proxy that to the DO space? Or maybe try the JWT middleware?