- commit
- 0168f72
- parent
- f083f44
- author
- Antonio Mika
- date
- 2023-11-10 21:27:40 +0000 UTC
Added the tuns caddyfile
1 files changed,
+86,
-0
+86,
-0
1@@ -0,0 +1,86 @@
2+{
3+ on_demand_tls {
4+ ask http://web:3000/check
5+ interval 1m
6+ burst 10
7+ }
8+ servers {
9+ metrics
10+ }
11+}
12+
13+*.{$APP_DOMAIN}, {$APP_DOMAIN} {
14+ reverse_proxy web:3000
15+ tls {$APP_EMAIL} {
16+ dns cloudflare {$CF_API_TOKEN}
17+ resolvers 1.1.1.1
18+ }
19+ encode zstd gzip
20+
21+ header {
22+ # disable FLoC tracking
23+ Permissions-Policy interest-cohort=()
24+
25+ # enable HSTS
26+ Strict-Transport-Security max-age=31536000;
27+
28+ # disable clients from sniffing the media type
29+ X-Content-Type-Options nosniff
30+
31+ # clickjacking protection
32+ X-Frame-Options DENY
33+
34+ # keep referrer data off of HTTP connections
35+ Referrer-Policy no-referrer-when-downgrade
36+
37+ Content-Security-Policy "default-src 'self'; img-src * 'unsafe-inline'; style-src * 'unsafe-inline'"
38+
39+ X-XSS-Protection "1; mode=block"
40+ }
41+
42+ @caddymetrics {
43+ host {$APP_DOMAIN}
44+ path /_caddy/metrics
45+ }
46+
47+ metrics @caddymetrics {
48+ disable_openmetrics
49+ }
50+
51+ @appmetrics {
52+ host {$APP_DOMAIN}
53+ path /_app/metrics
54+ }
55+
56+ handle @appmetrics {
57+ rewrite * /metrics
58+ reverse_proxy ssh:9222
59+ }
60+}
61+
62+*.{$TUNS_DOMAIN}, {$TUNS_DOMAIN} {
63+ reverse_proxy {$TUNS_V4}:2080
64+ tls {$MONITORING_APP_EMAIL} {
65+ dns cloudflare {$CF_API_TOKEN}
66+ resolvers 1.1.1.1
67+ }
68+
69+ encode zstd gzip
70+
71+ @caddymetrics {
72+ host {$TUNS_DOMAIN}
73+ path /_caddy/metrics
74+ }
75+
76+ metrics @caddymetrics {
77+ disable_openmetrics
78+ }
79+}
80+
81+:443 {
82+ reverse_proxy web:3000
83+ tls {$APP_EMAIL} {
84+ on_demand
85+ }
86+ encode zstd gzip
87+}