caddy: add privacy and security headers

2022-01-17 10:50:27 +01:00 · 2022-01-17 10:50:27 +01:00 · cea275f8e8
parent 1cfa57135d
commit cea275f8e8
2 changed files with 21 additions and 0 deletions
--- a/18
+++ b/18
@ -24,3 +24,21 @@ miom.space {
 www.miom.space {
        redir https://miom.space{uri}
 }
+
+# security and privacy headers
+header {
+	# disable FLoC tracking
+	Permissions-Policy interest-cohort=()
+
+	# enable HSTS
+	Strict-Transport-Security max-age=63072000;
+
+	# disable clients from sniffing the media type
+	X-Content-Type-Options nosniff
+
+	# clickjacking protection
+	X-Frame-Options DENY
+
+	# keep referrer data off of HTTP connections
+	Referrer-Policy no-referrer-when-downgrade
+}
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -12,9 +12,12 @@ services:
      - caddy_data:/data
    labels:
      - triton.cns.services=miom-website
+      - "com.docker.swarm.affinities=[\"volumename==miomspace_caddy_data\"]"

 volumes:
  caddy_data:
+    external: true
+    name: miomspace_caddy_data
    driver: tritonnfs
    driver_opts:
      size: "1G"