- commit
- 63327f3
- parent
- 3388fdc
- author
- Antonio Mika
- date
- 2022-08-26 14:35:51 +0000 UTC
Added caddy configurations for minio
3 files changed,
+68,
-2
+5,
-2
1@@ -1,10 +1,13 @@
2 DATABASE_URL=postgresql://postgres:secret@postgres:5432/pico?sslmode=disable
3 POSTGRES_PASSWORD=secret
4+CF_API_TOKEN=secret
5+
6+MINIO_DOMAIN=minio.dev.pico.sh
7+MINIO_EMAIL=hello@pico.sh
8 MINIO_URL=http://minio:9000
9-MINIO_BROWSER_REDIRECT_URL=http://localhost:9001
10+MINIO_BROWSER_REDIRECT_URL=http://console.$MINIO_DOMAIN:9001
11 MINIO_ROOT_USER=miniosecret
12 MINIO_ROOT_PASSWORD=miniosecret
13-CF_API_TOKEN=secret
14
15 LISTS_V4=
16 LISTS_V6=
+45,
-0
1@@ -0,0 +1,45 @@
2+*.{$APP_DOMAIN}, {$APP_DOMAIN} {
3+ reverse_proxy minio:9000
4+ tls {$APP_EMAIL} {
5+ dns cloudflare {$CF_API_TOKEN}
6+ }
7+ encode zstd gzip
8+
9+ header {
10+ # disable FLoC tracking
11+ Permissions-Policy interest-cohort=()
12+
13+ # enable HSTS
14+ Strict-Transport-Security max-age=31536000;
15+
16+ # disable clients from sniffing the media type
17+ X-Content-Type-Options nosniff
18+
19+ # clickjacking protection
20+ X-Frame-Options DENY
21+
22+ # keep referrer data off of HTTP connections
23+ Referrer-Policy no-referrer-when-downgrade
24+
25+ Content-Security-Policy "default-src 'self'; img-src * 'unsafe-inline'; style-src * 'unsafe-inline'"
26+
27+ X-XSS-Protection "1; mode=block"
28+ }
29+
30+ @caddymetrics {
31+ host {$APP_DOMAIN}
32+ path /_caddy/metrics
33+ }
34+
35+ metrics @caddymetrics {
36+ disable_openmetrics
37+ }
38+
39+ @console {
40+ host console.{$APP_DOMAIN}
41+ }
42+
43+ handle @appmetrics {
44+ reverse_proxy minio:9001
45+ }
46+}
+18,
-0
1@@ -7,6 +7,24 @@ services:
2 - ./data/postgres-data:/var/lib/postgresql/data
3 ports:
4 - "5432:5432"
5+ minio-caddy:
6+ image: neurosnap/pico-caddy:latest
7+ restart: always
8+ env_file:
9+ - .env.prod
10+ environment:
11+ APP_DOMAIN: ${MINIO_DOMAIN:-minio.pico.sh}
12+ APP_EMAIL: ${MINIO_EMAIL:-hello@pico.sh}
13+ volumes:
14+ - ./caddy/Caddyfile.minio:/etc/caddy/Caddyfile
15+ - ./data/minio-caddy/data:/data
16+ - ./data/minio-caddy/config:/config
17+ ports:
18+ - "80:80"
19+ - "443:443"
20+ profiles:
21+ - db
22+ - all
23 minio:
24 env_file:
25 - .env.prod