
pico services - prose.sh, pastes.sh, imgs.sh, feeds.sh, pgs.sh
git clone https://github.com/picosh/pico.git

pico / caddy
Eric Bower · 15 Nov 24

Caddyfile.pgs

  1{
  2	on_demand_tls {
  3		ask http://web:3000/check
  4		interval 1m
  5		burst 10
  6	}
  7	servers {
  8		metrics
  9		trusted_proxies static 0.0.0.0/0
 10	}
 11}
 12
 13*.{$APP_DOMAIN}, {$APP_DOMAIN} {
 14	reverse_proxy web:3000
 15	log
 16	tls {$APP_EMAIL} {
 17		dns cloudflare {$CF_API_TOKEN}
 18		resolvers 1.1.1.1
 19	}
 20	encode zstd gzip
 21
 22	header {
 23		# disable FLoC tracking
 24		?Permissions-Policy interest-cohort=()
 25
 26		# enable HSTS
 27		?Strict-Transport-Security max-age=31536000;
 28
 29		# disable clients from sniffing the media type
 30		?X-Content-Type-Options nosniff
 31
 32		# clickjacking protection
 33		?X-Frame-Options DENY
 34
 35		# keep referrer data off of HTTP connections
 36		?Referrer-Policy no-referrer-when-downgrade
 37
 38		?X-XSS-Protection "1; mode=block"
 39	}
 40
 41	@caddymetrics {
 42		host {$APP_DOMAIN}
 43		path /_caddy/metrics
 44	}
 45
 46	metrics @caddymetrics {
 47		disable_openmetrics
 48	}
 49
 50	@appmetrics {
 51		host {$APP_DOMAIN}
 52		path /_app/metrics
 53	}
 54
 55	handle @appmetrics {
 56		rewrite * /metrics
 57		reverse_proxy ssh:9222
 58	}
 59}
 60
 61monitoring.{$MONITORING_APP_DOMAIN}, prometheus.{$MONITORING_APP_DOMAIN}, grafana.{$MONITORING_APP_DOMAIN} {
 62	@grafana {
 63		host grafana.{$MONITORING_APP_DOMAIN}
 64	}
 65
 66	@prometheus {
 67		host prometheus.{$MONITORING_APP_DOMAIN}
 68	}
 69
 70	tls {$MONITORING_APP_EMAIL} {
 71		dns cloudflare {$CF_API_TOKEN}
 72		resolvers 1.1.1.1
 73	}
 74
 75	encode zstd gzip
 76
 77	reverse_proxy @grafana grafana:3000
 78
 79	basicauth @prometheus {
 80		eric JDJhJDE0JDdPOXhoNUdhSmNVNDl6UWpmeTE0cWVkLjRwcUNJUnc0dVQ4MTZNSmVaNjA1TlptaVZYY1hh
 81		antonio JDJhJDE0JHI5dkVtMW0vcGxIb011OG4vME5HOU91c3U2VjM2QTZiWVpUeXdSbEg3VUtNZVdhN3BRazFH
 82		bot JDJhJDE0JFVsRlNHSDlJbFhDeUd0NldRR2JkcGVFYUJtWGluTHZDVlc5L3QwNWNwWUMuODRlcXZNZHpT
 83	}
 84	reverse_proxy @prometheus prometheus:9090
 85
 86	@caddymetrics {
 87		host monitoring.{$MONITORING_APP_DOMAIN}
 88		path /_caddy/metrics
 89	}
 90
 91	metrics @caddymetrics {
 92		disable_openmetrics
 93	}
 94}
 95
 96:443 {
 97	reverse_proxy web:3000
 98	tls {$APP_EMAIL} {
 99		on_demand
100	}
101	encode zstd gzip
102}