caddy: use snippet for headers, format with caddy fmt
parent
1acf62b413
commit
db55583367
66
Caddyfile
66
Caddyfile
|
@ -1,44 +1,48 @@
|
|||
# global options
|
||||
{
|
||||
# remove comment to use staging Let's Encrypt servers (for testing)
|
||||
# acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
|
||||
# remove comment to use staging Let's Encrypt servers (for testing)
|
||||
# acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
|
||||
|
||||
# auto_https contact mail address, for TLS certs notifications (expiry,
|
||||
# other problems with certs)
|
||||
email admins@pub.solar
|
||||
# auto_https contact mail address, for TLS certs notifications (expiry,
|
||||
# other problems with certs)
|
||||
email admins@pub.solar
|
||||
}
|
||||
|
||||
# security and privacy header snippet
|
||||
(security_headers) {
|
||||
header {
|
||||
# disable FLoC tracking
|
||||
Permissions-Policy interest-cohort=()
|
||||
|
||||
# enable HSTS
|
||||
Strict-Transport-Security max-age=63072000;
|
||||
|
||||
# disable clients from sniffing the media type
|
||||
X-Content-Type-Options nosniff
|
||||
|
||||
# clickjacking protection
|
||||
X-Frame-Options DENY
|
||||
|
||||
# keep referrer data off of HTTP connections
|
||||
Referrer-Policy no-referrer-when-downgrade
|
||||
}
|
||||
}
|
||||
|
||||
# static file server
|
||||
miom.space {
|
||||
root * /srv/miom.space
|
||||
file_server
|
||||
import security_headers
|
||||
root * /srv/miom.space
|
||||
file_server
|
||||
|
||||
# caddys default is no access logs at all
|
||||
# comment this block out for debugging
|
||||
#log {
|
||||
# output file /var/log/caddy-access.log
|
||||
#}
|
||||
# caddys default is no access logs at all
|
||||
# comment this block out for debugging
|
||||
#log {
|
||||
# output file /var/log/caddy-access.log
|
||||
#}
|
||||
}
|
||||
|
||||
# redirect www. subdomain to apex (root) domain
|
||||
www.miom.space {
|
||||
redir https://miom.space{uri}
|
||||
}
|
||||
|
||||
# security and privacy headers
|
||||
header {
|
||||
# disable FLoC tracking
|
||||
Permissions-Policy interest-cohort=()
|
||||
|
||||
# enable HSTS
|
||||
Strict-Transport-Security max-age=63072000;
|
||||
|
||||
# disable clients from sniffing the media type
|
||||
X-Content-Type-Options nosniff
|
||||
|
||||
# clickjacking protection
|
||||
X-Frame-Options DENY
|
||||
|
||||
# keep referrer data off of HTTP connections
|
||||
Referrer-Policy no-referrer-when-downgrade
|
||||
import security_headers
|
||||
redir https://miom.space{uri}
|
||||
}
|
||||
|
|
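Review bot: In the `(security_headers)` snippet, `Referrer-Policy no-referrer-when-downgrade` only withholds the referrer on HTTPS-to-HTTP navigation, so the full URL (path and query string) is still sent to every cross-origin HTTPS destination. For a snippet labelled security and privacy, `Referrer-Policy strict-origin-when-cross-origin` (or `no-referrer`) matches the stated intent better. The HSTS value `max-age=63072000;` also has a stray trailing semicolon and no `includeSubDomains`; `Strict-Transport-Security "max-age=63072000; includeSubDomains"` would be cleaner, provided every subdomain of miom.space is served over HTTPS. The +/- markers are lost in this rendering, so this assumes the snippet is on the new side, as the commit title suggests.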