Eric Bower
·
26 Aug 24
Caddyfile.pgs
1{
2 on_demand_tls {
3 ask http://web:3000/check
4 interval 1m
5 burst 10
6 }
7 servers {
8 metrics
9 }
10}
11
12*.{$APP_DOMAIN}, {$APP_DOMAIN} {
13 reverse_proxy web:3000
14 tls {$APP_EMAIL} {
15 dns cloudflare {$CF_API_TOKEN}
16 resolvers 1.1.1.1
17 }
18 encode zstd gzip
19
20 header {
21 # disable FLoC tracking
22 ?Permissions-Policy interest-cohort=()
23
24 # enable HSTS
25 ?Strict-Transport-Security max-age=31536000;
26
27 # disable clients from sniffing the media type
28 ?X-Content-Type-Options nosniff
29
30 # clickjacking protection
31 ?X-Frame-Options DENY
32
33 # keep referrer data off of HTTP connections
34 ?Referrer-Policy no-referrer-when-downgrade
35
36 ?X-XSS-Protection "1; mode=block"
37 }
38
39 @caddymetrics {
40 host {$APP_DOMAIN}
41 path /_caddy/metrics
42 }
43
44 metrics @caddymetrics {
45 disable_openmetrics
46 }
47
48 @appmetrics {
49 host {$APP_DOMAIN}
50 path /_app/metrics
51 }
52
53 handle @appmetrics {
54 rewrite * /metrics
55 reverse_proxy ssh:9222
56 }
57}
58
59monitoring.{$MONITORING_APP_DOMAIN}, prometheus.{$MONITORING_APP_DOMAIN}, grafana.{$MONITORING_APP_DOMAIN} {
60 @grafana {
61 host grafana.{$MONITORING_APP_DOMAIN}
62 }
63
64 @prometheus {
65 host prometheus.{$MONITORING_APP_DOMAIN}
66 }
67
68 tls {$MONITORING_APP_EMAIL} {
69 dns cloudflare {$CF_API_TOKEN}
70 resolvers 1.1.1.1
71 }
72
73 encode zstd gzip
74
75 reverse_proxy @grafana grafana:3000
76
77 basicauth @prometheus {
78 eric JDJhJDE0JDdPOXhoNUdhSmNVNDl6UWpmeTE0cWVkLjRwcUNJUnc0dVQ4MTZNSmVaNjA1TlptaVZYY1hh
79 antonio JDJhJDE0JHI5dkVtMW0vcGxIb011OG4vME5HOU91c3U2VjM2QTZiWVpUeXdSbEg3VUtNZVdhN3BRazFH
80 bot JDJhJDE0JFVsRlNHSDlJbFhDeUd0NldRR2JkcGVFYUJtWGluTHZDVlc5L3QwNWNwWUMuODRlcXZNZHpT
81 }
82 reverse_proxy @prometheus prometheus:9090
83
84 @caddymetrics {
85 host monitoring.{$MONITORING_APP_DOMAIN}
86 path /_caddy/metrics
87 }
88
89 metrics @caddymetrics {
90 disable_openmetrics
91 }
92}
93
94:443 {
95 reverse_proxy web:3000
96 tls {$APP_EMAIL} {
97 on_demand
98 }
99 encode zstd gzip
100}