
pico services - prose.sh, pastes.sh, imgs.sh, feeds.sh, pgs.sh
git clone https://github.com/picosh/pico.git

Antonio Mika · 11 Oct 24

Caddyfile.auth

# Global options block.
{
	servers {
		# Turns on Caddy's metrics collection for its HTTP servers. The
		# `metrics` handlers in the site blocks below are what expose the data.
		metrics
	}
}
  7*.{$APP_DOMAIN}, {$APP_DOMAIN} {
  8	reverse_proxy web:3000
  9	tls {$APP_EMAIL} {
 10		dns cloudflare {$CF_API_TOKEN}
 11		resolvers 1.1.1.1
 12	}
 13	encode zstd gzip
 14
 15	header {
 16		# disable FLoC tracking
 17		Permissions-Policy interest-cohort=()
 18
 19		# enable HSTS
 20		Strict-Transport-Security max-age=31536000;
 21
 22		# disable clients from sniffing the media type
 23		X-Content-Type-Options nosniff
 24
 25		# clickjacking protection
 26		X-Frame-Options DENY
 27
 28		# keep referrer data off of HTTP connections
 29		Referrer-Policy no-referrer-when-downgrade
 30
 31		Content-Security-Policy "default-src 'self'; img-src * 'unsafe-inline'; style-src * 'unsafe-inline'"
 32
 33		X-XSS-Protection "1; mode=block"
 34	}
 35
 36	@caddymetrics {
 37		host {$APP_DOMAIN}
 38		path /_caddy/metrics
 39	}
 40
 41	metrics @caddymetrics {
 42		disable_openmetrics
 43	}
 44
 45	@appmetrics {
 46		host {$APP_DOMAIN}
 47		path /_app/metrics
 48	}
 49
 50	handle @appmetrics {
 51		rewrite * /metrics
 52		reverse_proxy ssh:9222
 53	}
 54}
 56*.pico.sh, pico.sh {
 57	@auth {
 58		host auth.pico.sh
 59	}
 60
 61	@irc {
 62		host irc.pico.sh
 63	}
 64
 65	@ircmetrics {
 66		host irc.pico.sh
 67		path /_app/metrics
 68	}
 69
 70	@options {
 71		method OPTIONS
 72	}
 73	respond @options 204
 74
 75	@caddymetrics {
 76		path /_caddy/metrics
 77	}
 78
 79	metrics @caddymetrics {
 80		disable_openmetrics
 81	}
 82
 83	reverse_proxy @auth auth-web:3000
 84
 85	reverse_proxy @irc https://bouncer:8080 {
 86		transport http {
 87			tls_insecure_skip_verify
 88		}
 89	}
 90
 91	handle @ircmetrics {
 92		rewrite * /metrics
 93		reverse_proxy bouncer:80
 94	}
 95
 96	tls {$APP_EMAIL} {
 97		dns cloudflare {$CF_API_TOKEN}
 98		resolvers 1.1.1.1
 99	}
100	encode zstd gzip
101
102	header {
103		# disable FLoC tracking
104		Permissions-Policy interest-cohort=()
105
106		# enable HSTS
107		Strict-Transport-Security max-age=31536000;
108
109		# disable clients from sniffing the media type
110		X-Content-Type-Options nosniff
111
112		# clickjacking protection
113		X-Frame-Options DENY
114
115		# keep referrer data off of HTTP connections
116		Referrer-Policy no-referrer-when-downgrade
117
118		Content-Security-Policy "default-src 'self'; img-src * 'unsafe-inline'; style-src * 'unsafe-inline'"
119
120		X-XSS-Protection "1; mode=block"
121
122		Access-Control-Allow-Origin "https://chat.pico.sh"
123
124		Access-Control-Allow-Headers "*"
125	}
126}