Antonio Mika
·
10 Nov 23
Caddyfile.tuns
# Global options for every site in this Caddyfile.
{
    # Enable metrics collection on the HTTP servers. The endpoints that
    # publish the data are declared with `metrics` directives in the site blocks.
    servers {
        metrics
    }

    # On-demand TLS settings, used by any site that sets `tls { on_demand }`.
    on_demand_tls {
        # Caddy asks this endpoint whether a hostname may get a certificate
        # and only proceeds on a success response. This is the control that
        # stops arbitrary hostnames pointed at this server from triggering
        # issuance, so the endpoint must refuse names it does not recognise.
        # NOTE(review): the check is plain HTTP to `web:3000`, presumably an
        # internal service name; confirm it is not reachable from outside.
        ask http://web:3000/check

        # Issuance rate limit: up to `burst` certificates per `interval`.
        # NOTE(review): later Caddy releases deprecate these two options;
        # check them against the deployed version.
        interval 1m
        burst 10
    }
}
# Main application site: APP_DOMAIN and every subdomain under it.
*.{$APP_DOMAIN}, {$APP_DOMAIN} {
    # Certificates come from the ACME DNS challenge through the Cloudflare
    # DNS provider (wildcard names need a DNS challenge).
    # NOTE(review): CF_API_TOKEN can edit DNS records, so scope it to the
    # zones this file serves. The TUNS_DOMAIN site reuses the same token.
    tls {$APP_EMAIL} {
        dns cloudflare {$CF_API_TOKEN}
        resolvers 1.1.1.1
    }

    # Compress responses, preferring zstd over gzip.
    encode zstd gzip

    # Response headers added to everything this site serves.
    header {
        # Default to same-origin resources, but allow images and styles from
        # any origin and allow inline styles.
        # NOTE(review): 'unsafe-inline' has no meaning in img-src, and there
        # is no frame-ancestors directive, so X-Frame-Options below is the
        # only framing control.
        Content-Security-Policy "default-src 'self'; img-src * 'unsafe-inline'; style-src * 'unsafe-inline'"

        # Refuse to be rendered inside any frame (clickjacking protection).
        X-Frame-Options DENY

        # Stop clients from sniffing a different media type than the one declared.
        X-Content-Type-Options nosniff

        # HSTS for one year.
        # NOTE(review): includeSubDomains is absent although this block also
        # serves *.APP_DOMAIN; confirm that is intended.
        Strict-Transport-Security max-age=31536000;

        # Do not send referrer data when navigating from HTTPS to HTTP.
        Referrer-Policy no-referrer-when-downgrade

        # Opt out of FLoC interest-cohort tracking.
        Permissions-Policy interest-cohort=()

        # Legacy XSS-filter header.
        # NOTE(review): current browsers ignore it, and hardening guides now
        # suggest "0" or omitting it; the CSP above is the effective control.
        X-XSS-Protection "1; mode=block"
    }

    # Caddy's own Prometheus metrics, on the apex host only.
    # NOTE(review): this matcher checks host and path only. No authentication
    # or source-address restriction is visible here, so anyone who can reach
    # APP_DOMAIN can read the metrics unless something upstream blocks it.
    @caddymetrics {
        host {$APP_DOMAIN}
        path /_caddy/metrics
    }

    metrics @caddymetrics {
        disable_openmetrics
    }

    # Application metrics: /_app/metrics on the apex host is rewritten to
    # /metrics and proxied to ssh:9222.
    # NOTE(review): same exposure concern as the Caddy metrics endpoint above.
    @appmetrics {
        host {$APP_DOMAIN}
        path /_app/metrics
    }

    handle @appmetrics {
        rewrite * /metrics
        reverse_proxy ssh:9222
    }

    # Everything else goes to the web service.
    reverse_proxy web:3000
}
# Tunnel site: TUNS_DOMAIN and every subdomain under it.
*.{$TUNS_DOMAIN}, {$TUNS_DOMAIN} {
    # Certificates come from the ACME DNS challenge through the Cloudflare
    # DNS provider.
    # NOTE(review): the ACME contact here is MONITORING_APP_EMAIL, not
    # APP_EMAIL as in the other site blocks; confirm that is intended.
    tls {$MONITORING_APP_EMAIL} {
        dns cloudflare {$CF_API_TOKEN}
        resolvers 1.1.1.1
    }

    # Compress responses, preferring zstd over gzip.
    encode zstd gzip

    # Caddy's own Prometheus metrics, on the apex host only.
    # NOTE(review): this matcher checks host and path only. No authentication
    # or source-address restriction is visible in this block.
    @caddymetrics {
        host {$TUNS_DOMAIN}
        path /_caddy/metrics
    }

    metrics @caddymetrics {
        disable_openmetrics
    }

    # All other requests are proxied to port 2080 at the TUNS_V4 address.
    # NOTE(review): unlike the APP_DOMAIN site, no security response headers
    # are added here; whatever the upstream sends is passed through.
    reverse_proxy {$TUNS_V4}:2080
}
# Catch-all HTTPS listener for hostnames that match no other site block.
:443 {
    # Obtain a certificate during the first TLS handshake for a hostname.
    # Issuance is gated by the `ask` endpoint and rate limits in the global
    # `on_demand_tls` options, so that endpoint decides which names this
    # listener will serve.
    tls {$APP_EMAIL} {
        on_demand
    }

    # Compress responses, preferring zstd over gzip.
    encode zstd gzip

    # Forward every request to the web service.
    # NOTE(review): the security headers set for APP_DOMAIN are not applied
    # to hosts served from this block.
    reverse_proxy web:3000
}