From cea275f8e81f7b81deacc01b65ccf27713e4cfd4 Mon Sep 17 00:00:00 2001
From: teutat3s
Date: Mon, 17 Jan 2022 10:50:27 +0100
Subject: [PATCH] caddy: add privacy and security headers
---
 Caddyfile | 18 ++++++++++++++++++
 docker-compose.yml | 3 +++
 2 files changed, 21 insertions(+)
diff --git a/Caddyfile b/Caddyfile
index 57c6b55..aae52d6 100644
--- a/Caddyfile
+++ b/Caddyfile
@@ -24,3 +24,21 @@ miom.space {
 www.miom.space {
 redir https://miom.space{uri}
 }
+
+# security and privacy headers
+header {
+ # disable FLoC tracking
+ Permissions-Policy interest-cohort=()
+
+ # enable HSTS
+ Strict-Transport-Security max-age=63072000;
+
+ # disable clients from sniffing the media type
+ X-Content-Type-Options nosniff
+
+ # clickjacking protection
+ X-Frame-Options DENY
+
+ # keep referrer data off of HTTP connections
+ Referrer-Policy no-referrer-when-downgrade
+}
diff --git a/docker-compose.yml b/docker-compose.yml
index 2a07b17..ff8b9d5 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -12,9 +12,12 @@ services:
 - caddy_data:/data
 labels:
 - triton.cns.services=miom-website
+ - "com.docker.swarm.affinities=[\"volumename==miomspace_caddy_data\"]"
 volumes:
 caddy_data:
+ external: true
+ name: miomspace_caddy_data
 driver: tritonnfs
 driver_opts:
 size: "1G"
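Review bot: The `header { … }` block is added after the `}` that closes `www.miom.space`, so it sits outside both site blocks; in a Caddyfile with several site blocks a directive has to live inside one, and a top-level `header {` would most likely be read as a site address instead of being applied to `miom.space` (worth confirming with `caddy validate`, since indentation is not recoverable from this rendering). Wrapping the block as a snippet, `(security_headers) {` … `}`, and adding `import security_headers` inside each site block would attach the headers to both hosts. Separately, `Referrer-Policy no-referrer-when-downgrade` still sends the full URL to cross-origin HTTPS destinations and is looser than the `strict-origin-when-cross-origin` default of current browsers, so `Referrer-Policy strict-origin-when-cross-origin` fits the stated privacy goal better.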
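Review bot: With `external: true` now set on `caddy_data`, Compose no longer creates the volume, so the `driver: tritonnfs` and `driver_opts` lines kept below it stop having any effect, and older Compose file formats reject `external` combined with other volume keys; the file's `version` is outside the hunk, so which case applies cannot be confirmed here. Either drop the two keys or add a comment such as `# created out of band; driver settings kept for reference only` that says where `miomspace_caddy_data` is provisioned. Caddy's `/data` directory normally holds the issued certificates and their private keys, so it is also worth recording which other services are allowed to mount this named NFS volume.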