igovnow/nexus_infernum
igovnow/nexus_infernum
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
main
nexus_infernum/caddy/Caddyfile

71 lines
1.5 KiB
Caddyfile
Raw Permalink Normal View History

Add caddy/Caddyfile Global settings: Sets an email address, likely for Let's Encrypt certificate notifications. Common security headers (common_security_headers): Defines a reusable block of security-related HTTP headers. Includes headers for HSTS, content type options, frame options, referrer policy, and permissions policy. Removes the default server header. Main domain (speedyweedyops.org) configuration: Imports the common security headers. Enables compression using zstd and gzip. Sets up JSON logging to stdout. Configures caching for static assets (60 days). Sets up a reverse proxy to a Varnish server, including the real IP address in headers. Git subdomain (git.speedyweedyops.org) configuration: Similar to the main domain, but proxies to a Gitea server instead. WWW subdomain redirection: Permanently redirects www.speedyweedyops.org to speedyweedyops.org. Overall, this Caddy configuration sets up a secure web server with two main services (likely a blog and a Git server), along with proper security headers, logging, caching, and compression. It also handles www subdomain redirection and uses Varnish as a caching layer for the main domain.
2024-08-29 13:57:20 +00:00
{
email fake@mail.com
# Global options
}
(common_security_headers) {
header {
# Security headers
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
X-Content-Type-Options "nosniff"
X-Frame-Options "DENY"
Referrer-Policy "strict-origin-when-cross-origin"
Permissions-Policy "geolocation=(), microphone=(), camera=()"
-Server # Removes server header
}
}
speedyweedyops.org {
import common_security_headers
# Enable compression
encode zstd gzip
# Logging
log {
output stdout
format json
}
# Cache static assets
@static {
file
path *.ico *.css *.js *.gif *.jpg *.jpeg *.png *.svg *.woff *.woff2
}
header @static Cache-Control "public, max-age=5184000" # 60 days
# Reverse proxy to Varnish
reverse_proxy varnish:80 {
header_up X-Real-IP {remote}
}
}
git.speedyweedyops.org {
import common_security_headers
# Enable compression
encode zstd gzip
# Logging
log {
output stdout
format json
}
# Cache static assets
@static {
file
path *.ico *.css *.js *.gif *.jpg *.jpeg *.png *.svg *.woff *.woff2
}
header @static Cache-Control "public, max-age=5184000" # 60 days
# Reverse proxy to Varnish
reverse_proxy gitea:3000 {
header_up X-Real-IP {remote}
}
}
# Redirection from www subdomain to main domain
www.speedyweedyops.org {
redir https://speedyweedyops.org{uri} permanent
}
Reference in New Issue Copy Permalink