Antonio Mika
·
13 Nov 23
Caddyfile.minio
1{
2 servers {
3 metrics
4 }
5}
6
7*.minio.{$APP_DOMAIN}, *.{$APP_DOMAIN}, {$APP_DOMAIN} {
8 tls {$APP_EMAIL} {
9 dns cloudflare {$CF_API_TOKEN}
10 resolvers 1.1.1.1
11 }
12 encode zstd gzip
13
14 header {
15 # disable FLoC tracking
16 Permissions-Policy interest-cohort=()
17
18 # enable HSTS
19 Strict-Transport-Security max-age=31536000;
20
21 # disable clients from sniffing the media type
22 X-Content-Type-Options nosniff
23
24 # clickjacking protection
25 X-Frame-Options DENY
26
27 # keep referrer data off of HTTP connections
28 Referrer-Policy no-referrer-when-downgrade
29
30 Content-Security-Policy "default-src 'self'; img-src * 'unsafe-inline'; style-src * 'unsafe-inline'"
31
32 X-XSS-Protection "1; mode=block"
33 }
34
35 @caddymetrics {
36 host minio.{$APP_DOMAIN}
37 path /_caddy/metrics
38 }
39
40 metrics @caddymetrics {
41 disable_openmetrics
42 }
43
44 @console {
45 host console.minio.{$APP_DOMAIN}
46 }
47
48 handle @console {
49 reverse_proxy minio:9001
50 }
51
52 @imgproxy_prometheus {
53 host imgproxy.{$APP_DOMAIN}
54 path /metrics
55 }
56
57 handle @imgproxy_prometheus {
58 reverse_proxy imgproxy:8081
59 }
60
61 @imgproxy_root {
62 host imgproxy.{$APP_DOMAIN}
63 path /
64 }
65
66 handle @imgproxy_root {
67 redir https://pico.sh
68 }
69
70 @imgproxy {
71 host imgproxy.{$APP_DOMAIN}
72 }
73
74 handle @imgproxy {
75 reverse_proxy imgproxy:8080
76 }
77
78 reverse_proxy minio:9000
79}