caddy: add privacy and security headers
This commit is contained in:
parent
1cfa57135d
commit
cea275f8e8
GPG key ID:
4FA1D3FA524F22C1
18
Caddyfile
18
Caddyfile
|
|
@ -24,3 +24,21 @@ miom.space {
|
||||||
www.miom.space {
|
www.miom.space {
|
||||||
redir https://miom.space{uri}
|
redir https://miom.space{uri}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# security and privacy headers
|
||||||
|
header {
|
||||||
|
# disable FLoC tracking
|
||||||
|
Permissions-Policy interest-cohort=()
|
||||||
|
|
||||||
|
# enable HSTS
|
||||||
|
Strict-Transport-Security max-age=63072000;
|
||||||
|
|
||||||
|
# disable clients from sniffing the media type
|
||||||
|
X-Content-Type-Options nosniff
|
||||||
|
|
||||||
|
# clickjacking protection
|
||||||
|
X-Frame-Options DENY
|
||||||
|
|
||||||
|
# keep referrer data off of HTTP connections
|
||||||
|
Referrer-Policy no-referrer-when-downgrade
|
||||||
|
}
|
||||||
|
|
|
||||||
|
|
@ -12,9 +12,12 @@ services:
|
||||||
- caddy_data:/data
|
- caddy_data:/data
|
||||||
labels:
|
labels:
|
||||||
- triton.cns.services=miom-website
|
- triton.cns.services=miom-website
|
||||||
|
- "com.docker.swarm.affinities=[\"volumename==miomspace_caddy_data\"]"
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
caddy_data:
|
caddy_data:
|
||||||
|
external: true
|
||||||
|
name: miomspace_caddy_data
|
||||||
driver: tritonnfs
|
driver: tritonnfs
|
||||||
driver_opts:
|
driver_opts:
|
||||||
size: "1G"
|
size: "1G"
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue