MiOM/miom.space
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

caddy: use snippet for headers, format with caddy fmt

Browse source
This commit is contained in:
teutat3s 2022-04-01 10:49:37 +02:00
parent 1acf62b413
commit db55583367
Signed by: teutat3s
GPG key ID: 4FA1D3FA524F22C1
1 changed files with 35 additions and 31 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

66
Caddyfile
View file

@ -1,44 +1,48 @@
# global options # global options
{ {
# remove comment to use staging Let's Encrypt servers (for testing) # remove comment to use staging Let's Encrypt servers (for testing)
# acme_ca https://acme-staging-v02.api.letsencrypt.org/directory # acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
# auto_https contact mail address, for TLS certs notifications (expiry, # auto_https contact mail address, for TLS certs notifications (expiry,
# other problems with certs) # other problems with certs)
email admins@pub.solar email admins@pub.solar
}
# security and privacy header snippet
(security_headers) {
header {
# disable FLoC tracking
Permissions-Policy interest-cohort=()
# enable HSTS
Strict-Transport-Security max-age=63072000;
# disable clients from sniffing the media type
X-Content-Type-Options nosniff
# clickjacking protection
X-Frame-Options DENY
# keep referrer data off of HTTP connections
Referrer-Policy no-referrer-when-downgrade
}
} }
# static file server # static file server
miom.space { miom.space {
root * /srv/miom.space import security_headers
file_server root * /srv/miom.space
file_server
# caddys default is no access logs at all # caddys default is no access logs at all
# comment this block out for debugging # comment this block out for debugging
#log { #log {
# output file /var/log/caddy-access.log # output file /var/log/caddy-access.log
#} #}
} }
# redirect www. subdomain to apex (root) domain # redirect www. subdomain to apex (root) domain
www.miom.space { www.miom.space {
redir https://miom.space{uri} import security_headers
} redir https://miom.space{uri}
# security and privacy headers
header {
# disable FLoC tracking
Permissions-Policy interest-cohort=()
# enable HSTS
Strict-Transport-Security max-age=63072000;
# disable clients from sniffing the media type
X-Content-Type-Options nosniff
# clickjacking protection
X-Frame-Options DENY
# keep referrer data off of HTTP connections
Referrer-Policy no-referrer-when-downgrade
} }