Eric Bower
·
22 Nov 24
Caddyfile
# Global options block.
{
    # Collect Prometheus metrics for the HTTP servers.
    servers {
        metrics
    }

    # On-demand certificate issuance. Before obtaining a certificate for a
    # hostname, Caddy queries the `ask` URL and proceeds only on a 2xx reply,
    # so the /check handler on web:3000 is the control that stops arbitrary
    # hostnames pointed at this server from triggering issuance.
    # NOTE(review): `interval` and `burst` are marked deprecated in recent
    # Caddy releases; confirm against the deployed version and do not treat
    # them as the abuse limit.
    on_demand_tls {
        ask http://web:3000/check
        interval 1m
        burst 10
    }
}
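# Apex domain and its first-level subdomains, proxied to the app on web:3000.
*.{$APP_DOMAIN}, {$APP_DOMAIN} {
    reverse_proxy web:3000
    log
    tls {$APP_EMAIL} {
        # Certificates come from the Cloudflare DNS challenge (required for
        # the wildcard name). The token is read from the environment.
        # NOTE(review): scope the token to DNS edits on this zone only.
        dns cloudflare {$CF_API_TOKEN}
        resolvers 1.1.1.1
    }
    encode zstd gzip

    header {
        # disable FLoC tracking
        Permissions-Policy interest-cohort=()

        # enable HSTS (one year; includeSubDomains and preload are not set)
        Strict-Transport-Security max-age=31536000;

        # disable clients from sniffing the media type
        X-Content-Type-Options nosniff

        # clickjacking protection
        X-Frame-Options DENY

        # keep referrer data off of HTTP connections
        # NOTE(review): this value still sends the full URL to cross-origin
        # HTTPS destinations; strict-origin-when-cross-origin is tighter.
        Referrer-Policy no-referrer-when-downgrade

        # Scripts and other fetches fall back to 'self'; images and styles
        # are allowed from any origin, and inline styles are permitted.
        # NOTE(review): 'unsafe-inline' has no effect in img-src, and the
        # wide style-src should be narrowed if the app does not need it.
        Content-Security-Policy "default-src 'self'; img-src * 'unsafe-inline'; style-src * 'unsafe-inline'"

        # The legacy browser XSS auditor is deprecated and its block mode can
        # itself be abused, so it is switched off here and the CSP above is
        # the control relied on instead (was "1; mode=block").
        X-XSS-Protection "0"
    }

    # NOTE(review): both metrics matchers below test host and path only, so
    # the endpoints answer any client that can reach this site. Restrict them
    # with a remote_ip matcher or HTTP basic authentication if the scrapers
    # are known.
    @caddymetrics {
        host {$APP_DOMAIN}
        path /_caddy/metrics
    }

    # Caddy's own Prometheus metrics, with OpenMetrics negotiation disabled.
    metrics @caddymetrics {
        disable_openmetrics
    }

    @appmetrics {
        host {$APP_DOMAIN}
        path /_app/metrics
    }

    # Rewrite the path to /metrics and proxy the request to ssh:9222.
    handle @appmetrics {
        rewrite * /metrics
        reverse_proxy ssh:9222
    }
}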
# Catch-all for any other hostname arriving on port 443. Certificates are
# obtained on demand at handshake time, so issuance here is gated by the
# `ask` endpoint configured under on_demand_tls in the global options.
# NOTE(review): this site sets none of the response headers (HSTS, nosniff,
# X-Frame-Options, CSP) that the {$APP_DOMAIN} site block sets; confirm that
# is intended for hostnames served through this block.
:443 {
    tls {$APP_EMAIL} {
        on_demand
    }
    log
    encode zstd gzip
    reverse_proxy web:3000
}