Eric Bower
·
28 Nov 24
Caddyfile
# Global options: on-demand TLS policy and per-server metrics collection.
{
	# On-demand TLS obtains a certificate during the first handshake for a
	# hostname. The `ask` endpoint is the control that stops arbitrary
	# hostnames pointed at this server from triggering issuance: Caddy
	# queries it with the requested name and proceeds only on a 2xx reply.
	# NOTE(review): the check goes over plain HTTP to `web:3000`, presumably
	# on a private container network. Confirm the endpoint is not reachable
	# from outside and that it approves only hostnames the app has registered.
	on_demand_tls {
		ask http://web:3000/check

		# Rate limit for on-demand issuance: up to 10 operations per minute.
		# NOTE(review): newer Caddy releases mark `interval` and `burst` as
		# deprecated and rely on `ask` alone; verify against the version
		# deployed before depending on this limit.
		interval 1m
		burst 10
	}

	# Enable metrics collection for the HTTP servers.
	servers {
		metrics
	}
}
# Primary site: the app domain and its first-level subdomains, proxied to
# the web service, with certificates obtained through the ACME DNS challenge.
*.{$APP_DOMAIN}, {$APP_DOMAIN} {
	reverse_proxy web:3000

	# Tag every access-log entry with the app domain.
	log {
		format append {
			server_id {$APP_DOMAIN}
		}
	}

	# DNS challenge through the Cloudflare provider module.
	# NOTE(review): CF_API_TOKEN is read from the environment. Scope the
	# token to DNS edits on this one zone and keep it out of images, logs
	# and version control, since it can rewrite the zone's records.
	tls {$APP_EMAIL} {
		dns cloudflare {$CF_API_TOKEN}
		resolvers 1.1.1.1
	}

	encode zstd gzip

	header {
		# disable FLoC tracking
		Permissions-Policy interest-cohort=()

		# enable HSTS (one year; includeSubDomains and preload are not set)
		Strict-Transport-Security max-age=31536000;

		# disable clients from sniffing the media type
		X-Content-Type-Options nosniff

		# clickjacking protection
		X-Frame-Options DENY

		# keep referrer data off of HTTP connections
		# NOTE(review): this value still sends the full URL, path and query
		# included, to cross-origin HTTPS destinations. Consider
		# strict-origin-when-cross-origin if URLs can carry secrets.
		Referrer-Policy no-referrer-when-downgrade

		# Scripts and other unlisted resource types fall back to
		# default-src 'self'.
		# NOTE(review): 'unsafe-inline' has no effect in img-src, and
		# `style-src * 'unsafe-inline'` allows stylesheets from any host plus
		# inline styles. Tighten it if the app does not need that.
		Content-Security-Policy "default-src 'self'; img-src * 'unsafe-inline'; style-src * 'unsafe-inline'"

		# NOTE(review): legacy header. Current browsers no longer ship the XSS
		# auditor it controls, and current guidance is to send `0` or omit it.
		# The CSP above is the effective control.
		X-XSS-Protection "1; mode=block"
	}

	# Caddy's own metrics, served only on the bare app domain.
	# NOTE(review): no authentication or source-address restriction is
	# visible for this path or for /_app/metrics below, so anyone who can
	# reach the app domain can read them. Consider a `remote_ip` matcher or
	# `basic_auth` if the scraper's address or credentials are known.
	@caddymetrics {
		host {$APP_DOMAIN}
		path /_caddy/metrics
	}

	metrics @caddymetrics {
		disable_openmetrics
	}

	# Application metrics: /_app/metrics on the bare app domain is rewritten
	# to /metrics and forwarded to the ssh service on port 9222.
	@appmetrics {
		host {$APP_DOMAIN}
		path /_app/metrics
	}

	handle @appmetrics {
		rewrite * /metrics
		reverse_proxy ssh:9222
	}
}
# Catch-all HTTPS listener for hostnames the primary site does not match
# (presumably customer-supplied custom domains). Certificates are issued
# on demand, so issuance is gated by the global `on_demand_tls` ask endpoint.
# NOTE(review): none of the security headers set on the primary site (HSTS,
# CSP, X-Frame-Options, ...) are applied here. Confirm that is intentional.
:443 {
	reverse_proxy web:3000

	# Same log tagging as the primary site.
	log {
		format append {
			server_id {$APP_DOMAIN}
		}
	}

	tls {$APP_EMAIL} {
		on_demand
	}

	encode zstd gzip
}