55 lines
1.2 KiB
Caddyfile
55 lines
1.2 KiB
Caddyfile
# global options
|
|
{
|
|
# remove comment to use staging Let's Encrypt servers (for testing)
|
|
# acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
|
|
|
|
# auto_https contact mail address, for TLS certs notifications (expiry,
|
|
# other problems with certs)
|
|
email admins@pub.solar
|
|
|
|
# Fix for crash on triton, see:
|
|
# https://smartos.topicbox.com/groups/smartos-discuss/Te8e92fc14c1b3f9d
|
|
servers {
|
|
protocols h1 h2
|
|
}
|
|
}
|
|
|
|
# security and privacy header snippet
|
|
(security_headers) {
|
|
header {
|
|
# disable FLoC tracking
|
|
Permissions-Policy interest-cohort=()
|
|
|
|
# enable HSTS
|
|
Strict-Transport-Security max-age=63072000;
|
|
|
|
# disable clients from sniffing the media type
|
|
X-Content-Type-Options nosniff
|
|
|
|
# clickjacking protection
|
|
X-Frame-Options DENY
|
|
|
|
# keep referrer data off of HTTP connections
|
|
Referrer-Policy no-referrer-when-downgrade
|
|
}
|
|
}
|
|
|
|
# static file server
|
|
miom.space {
|
|
import security_headers
|
|
root * /srv/miom.space
|
|
file_server
|
|
|
|
# caddys default is no access logs at all
|
|
# comment this block out for debugging
|
|
#log {
|
|
# output file /var/log/caddy-access.log
|
|
#}
|
|
}
|
|
|
|
# redirect www. subdomain to apex (root) domain
|
|
www.miom.space {
|
|
import security_headers
|
|
redir https://miom.space{uri}
|
|
}
|