Eric Bower
·
29 Oct 24
Caddyfile.pipe
1{
2 servers {
3 metrics
4 }
5}
6
7*.{$APP_DOMAIN}, {$APP_DOMAIN} {
8 reverse_proxy web:3000
9 tls {$APP_EMAIL} {
10 dns cloudflare {$CF_API_TOKEN}
11 resolvers 1.1.1.1
12 }
13 encode zstd gzip
14
15 header {
16 # disable FLoC tracking
17 Permissions-Policy interest-cohort=()
18
19 # enable HSTS
20 Strict-Transport-Security max-age=31536000;
21
22 # disable clients from sniffing the media type
23 X-Content-Type-Options nosniff
24
25 # clickjacking protection
26 X-Frame-Options DENY
27
28 # keep referrer data off of HTTP connections
29 Referrer-Policy no-referrer-when-downgrade
30
31 X-XSS-Protection "1; mode=block"
32 }
33
34 @caddymetrics {
35 host {$APP_DOMAIN}
36 path /_caddy/metrics
37 }
38
39 metrics @caddymetrics {
40 disable_openmetrics
41 }
42
43 @appmetrics {
44 host {$APP_DOMAIN}
45 path /_app/metrics
46 }
47
48 handle @appmetrics {
49 rewrite * /metrics
50 reverse_proxy ssh:9222
51 }
52}