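# global options
# Rebuilt from the blame view: the interleaved timestamp and "|" rows are
# dropped, because inside the braces they would be read as directives.
{
	# Uncomment to use the staging Let's Encrypt servers (for testing).
	# Staging certificates are not trusted by browsers, so keep this
	# commented out in production.
	# acme_ca https://acme-staging-v02.api.letsencrypt.org/directory

	# auto_https contact mail address, for TLS cert notifications (expiry,
	# other problems with certs)
	email admins@pub.solar
}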
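# security and privacy header snippet
# Named snippet; a site block applies it with `import security_headers`.
# Header values are unchanged; the blame-view timestamp and "|" rows are dropped.
(security_headers) {
	header {
		# disable FLoC tracking
		Permissions-Policy interest-cohort=()

		# enable HSTS (max-age=63072000 seconds is 730 days, i.e. two years)
		# NOTE(review): includeSubDomains is not set, so the policy covers only
		# the host that sent the header. Add it only once every subdomain is
		# served over HTTPS.
		Strict-Transport-Security max-age=63072000;

		# stop clients from sniffing the media type
		X-Content-Type-Options nosniff

		# clickjacking protection
		# NOTE(review): X-Frame-Options is the legacy control; the CSP
		# directive `frame-ancestors 'none'` is its current equivalent and
		# can be sent alongside it.
		X-Frame-Options DENY

		# keep referrer data off of HTTP connections
		# NOTE(review): this value still sends the full URL (path and query)
		# as referrer to other HTTPS origins. strict-origin-when-cross-origin
		# would limit cross-origin referrers to the origin only.
		Referrer-Policy no-referrer-when-downgrade
	}
}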
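# static file server
miom.space {
	import security_headers
	root * /srv/miom.space

	# NOTE(review): file_server serves whatever sits under the root,
	# dotfiles included, unless a `hide` list is configured. Confirm that
	# /srv/miom.space holds only files meant to be public (no VCS metadata,
	# backups or editor swap files).
	file_server

	# Caddy's default is no access logs at all;
	# uncomment this block for debugging.
	# NOTE(review): access logs record client IP addresses and requested
	# URIs. If enabled, limit who can read the file and how long it is kept.
	#log {
	#	output file /var/log/caddy-access.log
	#}
}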
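# redirect www. subdomain to apex (root) domain
www.miom.space {
	import security_headers

	# The target scheme and host are fixed; {uri} only carries over the
	# request's path and query, so the request cannot pick the redirect host.
	# No status code is given, so redir uses its default (302, temporary).
	redir https://miom.space{uri}
}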