~erock/pico

ref: 90951e09568b61d17747a4a76036f2a876fe3f3e pico/caddy/Caddyfile -rw-r--r-- 1.0 KiB
90951e09Eric Bower fix(lists): wrong anchor links 5 months ago
                                                                                
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
{
	on_demand_tls {
		ask http://web:3000/check
		interval 1m
		burst 10
	}
}

*.{$APP_DOMAIN}, {$APP_DOMAIN} {
	reverse_proxy web:3000
	tls {$APP_EMAIL} {
		dns cloudflare {$CF_API_TOKEN}
	}
	encode zstd gzip

	header {
		# disable FLoC tracking
		Permissions-Policy interest-cohort=()

		# enable HSTS
		Strict-Transport-Security max-age=31536000;

		# disable clients from sniffing the media type
		X-Content-Type-Options nosniff

		# clickjacking protection
		X-Frame-Options DENY

		# keep referrer data off of HTTP connections
		Referrer-Policy no-referrer-when-downgrade

		Content-Security-Policy "default-src 'self'; img-src * 'unsafe-inline'; style-src * 'unsafe-inline'"

		X-XSS-Protection "1; mode=block"
	}

	@caddymetrics {
		host {$APP_DOMAIN}
		path /_caddy/metrics
	}

	metrics @caddymetrics {
		disable_openmetrics
	}

	@appmetrics {
		host {$APP_DOMAIN}
		path /_app/metrics
	}

	handle @appmetrics {
		rewrite * /metrics
		reverse_proxy ssh:9222
	}
}

:443 {
	reverse_proxy web:3000
	tls {$APP_EMAIL} {
		on_demand
	}
	encode zstd gzip
}