repos / pico

pico services - prose.sh, pastes.sh, imgs.sh, feeds.sh, pgs.sh
git clone https://github.com/picosh/pico.git
pico / caddy
refactor(pgs): use soiun in-app for http caching
ab36b3f
Eric Bower · 10 Dec 24

Caddyfile.pgs

  1{
  2	on_demand_tls {
  3		ask http://web:3000/check
  4		interval 1m
  5		burst 10
  6	}
  7	servers {
  8		metrics
  9		trusted_proxies static 0.0.0.0/0
 10	}
 11}
 12
 13# custom domains
 14:443 {
 15	reverse_proxy web:3000
 16	log {
 17		format append {
 18			server_id {$APP_DOMAIN}
 19		}
 20	}
 21	tls {$APP_EMAIL} {
 22		on_demand
 23	}
 24	encode zstd gzip
 25}
 26
 27# subdomains and root pgs domain
 28*.{$APP_DOMAIN}, {$APP_DOMAIN} {
 29	reverse_proxy web:3000
 30	log {
 31		format append {
 32			server_id {$APP_DOMAIN}
 33		}
 34	}
 35	tls {$APP_EMAIL} {
 36		dns cloudflare {$CF_API_TOKEN}
 37		resolvers 1.1.1.1
 38	}
 39
 40	encode zstd gzip
 41
 42	header {
 43		# disable FLoC tracking
 44		?Permissions-Policy interest-cohort=()
 45
 46		# enable HSTS
 47		?Strict-Transport-Security max-age=31536000;
 48
 49		# disable clients from sniffing the media type
 50		?X-Content-Type-Options nosniff
 51
 52		# clickjacking protection
 53		?X-Frame-Options DENY
 54
 55		# keep referrer data off of HTTP connections
 56		?Referrer-Policy no-referrer-when-downgrade
 57
 58		?X-XSS-Protection "1; mode=block"
 59	}
 60
 61	@caddymetrics {
 62		host {$APP_DOMAIN}
 63		path /_caddy/metrics
 64	}
 65
 66	metrics @caddymetrics {
 67		disable_openmetrics
 68	}
 69
 70	@appmetrics {
 71		host {$APP_DOMAIN}
 72		path /_app/metrics
 73	}
 74
 75	handle @appmetrics {
 76		rewrite * /metrics
 77		reverse_proxy ssh:9222
 78	}
 79}
 80
 81monitoring.{$MONITORING_APP_DOMAIN}, prometheus.{$MONITORING_APP_DOMAIN}, grafana.{$MONITORING_APP_DOMAIN} {
 82	@grafana {
 83		host grafana.{$MONITORING_APP_DOMAIN}
 84	}
 85
 86	@prometheus {
 87		host prometheus.{$MONITORING_APP_DOMAIN}
 88	}
 89
 90	tls {$MONITORING_APP_EMAIL} {
 91		dns cloudflare {$CF_API_TOKEN}
 92		resolvers 1.1.1.1
 93	}
 94
 95	encode zstd gzip
 96
 97	reverse_proxy @grafana grafana:3000
 98
 99	basicauth @prometheus {
100		eric JDJhJDE0JDdPOXhoNUdhSmNVNDl6UWpmeTE0cWVkLjRwcUNJUnc0dVQ4MTZNSmVaNjA1TlptaVZYY1hh
101		antonio JDJhJDE0JHI5dkVtMW0vcGxIb011OG4vME5HOU91c3U2VjM2QTZiWVpUeXdSbEg3VUtNZVdhN3BRazFH
102		bot JDJhJDE0JFVsRlNHSDlJbFhDeUd0NldRR2JkcGVFYUJtWGluTHZDVlc5L3QwNWNwWUMuODRlcXZNZHpT
103	}
104	reverse_proxy @prometheus prometheus:9090
105
106	@caddymetrics {
107		host monitoring.{$MONITORING_APP_DOMAIN}
108		path /_caddy/metrics
109	}
110
111	metrics @caddymetrics {
112		disable_openmetrics
113	}
114}