torrentio/deployment/docker/optional_reverse_proxy/configs/Caddyfile

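{
## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
## Let's Encrypt staging environment
## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
## Certificates issued by the staging CA are NOT trusted by browsers; the
## staging endpoint exists so that issuance can be tested without using up
## the production rate limits.
## Once you have confirmed Caddy works you should comment out
## the below line so that Caddy requests publicly trusted certificates.
## Keep the `security-headers` snippet (HSTS) disabled until you have done so.
## The ACME directory URL has to end in `/directory`.
acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
}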
(security-headers) {
## Reusable snippet: these response headers are only sent by a site block
## that pulls the snippet in with `import security-headers`.
## These are the recommended default settings in Caddy documentation
## https://caddyserver.com/docs/caddyfile/directives/header
header {
## disable FLoC tracking
Permissions-Policy "interest-cohort=()"
## enable HSTS
Strict-Transport-Security "max-age=300;" # 5 minutes
## NOTE: I have dramatically lowered the above for testing.
## A browser that has seen this header refuses plain HTTP for the host and
## does not let the user click through certificate errors until max-age
## expires, so only send it once the site serves a publicly trusted
## certificate (i.e. not while the staging CA is configured).
## Once you have confirmed that everything works, start increasing the number.
## The goal is to have HSTS set to one year with subdomains and preloading:
##
## `Strict-Transport-Security: max-age=31536000; includeSubDomains; preload`
##
## Warning: You should ensure that you fully understand the implications
## of HSTS preloading before you include the directive in your policy and
## before you submit. It means that your entire domain and all subdomains,
## including those managed or maintained by third parties, will only work
## with HTTPS. Preloading should be viewed as a one way ticket.
## Whilst it is possible to be removed, it can take a long time and you
## may not be removed from all browsers.
##
## disable clients from sniffing the media type
X-Content-Type-Options "nosniff"
## clickjacking protection: the response may not be rendered in any frame
X-Frame-Options "DENY"
}
}
(cloudflare-tunnel-protection) {
## Reusable snippet. The site block in this file does not import it, so it
## has no effect until you add an `import cloudflare-tunnel-protection`.
## NOTE(review): `trusted_proxies <ranges>` in this form is a `reverse_proxy`
## subdirective, so the snippet is presumably meant to be imported inside a
## `reverse_proxy { ... }` block - confirm before relying on it.
## NOTE(review): the imported file is not shown here; going by its name it
## presumably replaces X-Forwarded-For with the client address reported by
## Cloudflare - verify its contents.
import ./snippets/cloudflare-replace-X-Forwarded-For
trusted_proxies 172.17.0.0/16 # This needs to be your docker subnet
# I believe this is what is configured by default.
# If you can't make it work ask for my help on discord.
## Security note: every peer inside this range is trusted to supply the
## client IP via forwarded headers, so any container on that network can set
## the address that ends up in logs and IP-based rules. Narrow the range to
## the tunnel container's address where you can.
## 172.17.0.0/16 is Docker's default bridge network; networks created by
## docker compose normally get a different subnet. Check the real value with
## `docker network inspect <your-network-name>`.
}
knightcrawler.your-domain.com {
## Placeholder hostname: replace it (here and in the log path below) with
## your own domain.
## Uncomment to enable logging
## The log records client addresses and full request URLs. If the addon
## carries user configuration or tokens in the URL (not visible from this
## file - verify), restrict read access to the log file accordingly.
# log {
# output file /var/log/caddy/knightcrawler.your-domain.com.log {
# roll_size 10mb
# roll_keep 5
# roll_keep_for 720h
# }
# }
## Compress responses with gzip.
encode gzip
## DO NOT ENABLE UNTIL YOU HAVE DISABLED THE TESTING ENVIRONMENT
## The snippet sends HSTS; with the untrusted staging certificate still in
## place, a browser that has stored the policy will refuse the site with no
## way to bypass the certificate error until max-age runs out.
# import security-headers
## Forward requests to the addon container on port 7000. No scheme is given,
## so the hop from Caddy to the upstream is plain HTTP; TLS ends at Caddy.
reverse_proxy knightcrawler-addon:7000
}