repos / pico

pico services - prose.sh, pastes.sh, imgs.sh, feeds.sh, pgs.sh
git clone https://github.com/picosh/pico.git

pico / caddy
Antonio Mika · 13 Nov 23

Caddyfile.minio

 1{
 2	servers {
 3		metrics
 4	}
 5}
 6
 7*.minio.{$APP_DOMAIN}, *.{$APP_DOMAIN}, {$APP_DOMAIN} {
 8	tls {$APP_EMAIL} {
 9		dns cloudflare {$CF_API_TOKEN}
10		resolvers 1.1.1.1
11	}
12	encode zstd gzip
13
14	header {
15		# disable FLoC tracking
16		Permissions-Policy interest-cohort=()
17
18		# enable HSTS
19		Strict-Transport-Security max-age=31536000;
20
21		# disable clients from sniffing the media type
22		X-Content-Type-Options nosniff
23
24		# clickjacking protection
25		X-Frame-Options DENY
26
27		# keep referrer data off of HTTP connections
28		Referrer-Policy no-referrer-when-downgrade
29
30		Content-Security-Policy "default-src 'self'; img-src * 'unsafe-inline'; style-src * 'unsafe-inline'"
31
32		X-XSS-Protection "1; mode=block"
33	}
34
35	@caddymetrics {
36		host minio.{$APP_DOMAIN}
37		path /_caddy/metrics
38	}
39
40	metrics @caddymetrics {
41		disable_openmetrics
42	}
43
44	@console {
45		host console.minio.{$APP_DOMAIN}
46	}
47
48	handle @console {
49		reverse_proxy minio:9001
50	}
51
52	@imgproxy_prometheus {
53		host imgproxy.{$APP_DOMAIN}
54		path /metrics
55	}
56
57	handle @imgproxy_prometheus {
58		reverse_proxy imgproxy:8081
59	}
60
61	@imgproxy_root {
62		host imgproxy.{$APP_DOMAIN}
63		path /
64	}
65
66	handle @imgproxy_root {
67		redir https://pico.sh
68	}
69
70	@imgproxy {
71		host imgproxy.{$APP_DOMAIN}
72	}
73
74	handle @imgproxy {
75		reverse_proxy imgproxy:8080
76	}
77
78	reverse_proxy minio:9000
79}