Global settings:
Sets an email address, likely for Let's Encrypt certificate notifications.
Common security headers (common_security_headers):
Defines a reusable block of security-related HTTP headers.
Includes headers for HSTS, content type options, frame options, referrer policy, and permissions policy.
Removes the default server header.
Main domain (speedyweedyops.org) configuration:
Imports the common security headers.
Enables compression using zstd and gzip.
Sets up JSON logging to stdout.
Configures caching for static assets (60 days).
Sets up a reverse proxy to a Varnish server, including the real IP address in headers.
Git subdomain (git.speedyweedyops.org) configuration:
Similar to the main domain, but proxies to a Gitea server instead.
WWW subdomain redirection:
Permanently redirects www.speedyweedyops.org to speedyweedyops.org.
Overall, this Caddy configuration sets up a secure web server with two main services (likely a blog and a Git server), along with proper security headers, logging, caching, and compression. It also handles www subdomain redirection and uses Varnish as a caching layer for the main domain.
This VCL (Varnish Configuration Language) file defines caching and request handling rules for a Varnish cache server. Here's a description of its main components and functionality:
Backend Definition:
Sets the default backend to a service named "ghost" on port 2368.
Request Handling (vcl_recv):
Normalizes the host header by redirecting www subdomain requests.
Excludes the Ghost admin panel and API from caching.
Synthetic Responses (vcl_synth):
Implements a custom redirect for www subdomain to the main domain.
Backend Response Handling (vcl_backend_response):
Sets a default cache time of 1 hour for all responses.
Prevents caching of responses with Set-Cookie headers, varying wildcard, or private Cache-Control directives.
Response Delivery (vcl_deliver):
Adds a custom X-Cache header to indicate cache hits or misses.
This configuration aims to improve website performance by caching Ghost blog content while ensuring that dynamic and private content (like the admin panel) is not cached. It also handles www subdomain redirection and provides cache status information in the response headers.
This Docker Compose file defines a multi-service application stack, including:
Caddy: A web server and reverse proxy
Ghost: A blogging platform
Gitea: A self-hosted Git service
MySQL: A database for Ghost
Varnish: A caching HTTP reverse proxy
Key features:
Uses YAML anchors for reusable logging and healthcheck configurations
Defines two networks: "web" (external) and "internal" (bridge)
Specifies volume mounts for persistent data storage
Implements healthchecks for all services
Uses secrets for sensitive information (MySQL password)
Sets up dependencies between services
Services overview:
Caddy: Handles incoming HTTP/HTTPS traffic
Ghost: Main blogging application, configured to use MySQL
Gitea: Git repository hosting service
MySQL: Database backend for Ghost
Varnish: Caching layer, likely sitting in front of Ghost
The configuration also defines volumes for MySQL, Ghost, and Gitea data, and uses a secret for the Ghost MySQL password.
