caddy: add privacy and security headers

This commit is contained in:
teutat3s 2022-01-17 10:50:27 +01:00
parent 1cfa57135d
commit cea275f8e8
Signed by: teutat3s
GPG key ID: 4FA1D3FA524F22C1
2 changed files with 21 additions and 0 deletions

View file

@ -24,3 +24,21 @@ miom.space {
www.miom.space { www.miom.space {
redir https://miom.space{uri} redir https://miom.space{uri}
} }
# security and privacy headers
header {
# disable FLoC tracking
Permissions-Policy interest-cohort=()
# enable HSTS
Strict-Transport-Security max-age=63072000;
# disable clients from sniffing the media type
X-Content-Type-Options nosniff
# clickjacking protection
X-Frame-Options DENY
# keep referrer data off of HTTP connections
Referrer-Policy no-referrer-when-downgrade
}

View file

@ -12,9 +12,12 @@ services:
- caddy_data:/data - caddy_data:/data
labels: labels:
- triton.cns.services=miom-website - triton.cns.services=miom-website
- "com.docker.swarm.affinities=[\"volumename==miomspace_caddy_data\"]"
volumes: volumes:
caddy_data: caddy_data:
external: true
name: miomspace_caddy_data
driver: tritonnfs driver: tritonnfs
driver_opts: driver_opts:
size: "1G" size: "1G"