54 lines
2.5 KiB
Caddyfile
54 lines
2.5 KiB
Caddyfile
{
|
|
admin off
|
|
auto_https off
|
|
persist_config off
|
|
log default {
|
|
output stderr
|
|
format console
|
|
}
|
|
grace_period 10s
|
|
shutdown_delay 30s
|
|
}
|
|
|
|
# Main server
|
|
:8080 {
|
|
header {
|
|
# https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Headers_Cheat_Sheet.html
|
|
|
|
# Remove headers which leak server information
|
|
-Server
|
|
-X-Powered-By
|
|
|
|
# Add security headers
|
|
X-Frame-Options "DENY"
|
|
X-Content-Type-Options "nosniff"
|
|
Referrer-Policy "strict-origin-when-cross-origin"
|
|
Strict-Transport-Security "max-age=63072000; includeSubDomains"
|
|
Cross-Origin-Opener-Policy "same-origin"
|
|
Cross-Origin-Resource-Policy "same-site"
|
|
Content-Security-Policy "default-src 'self'; connect-src 'self' {$CADDY_SUPABASE_URL} https://hcaptcha.com https://*.hcaptcha.com https://*.sentry.io; font-src 'self' data:; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' blob: https://*.basemaps.cartocdn.com; media-src 'self' blob:; script-src 'self' 'sha256-MS6/3FCg4WjP9gwgaBGwLpRCY6fZBgwmhVCdrPrNf3E=' 'sha256-tQjf8gvb2ROOMapIxFvFAYBeUJ0v1HCbOcSmDNXGtDo=' 'sha256-VA8O2hAdooB288EpSTrGLl7z3QikbWU9wwoebO/QaYk=' 'sha256-+5XkZFazzJo8n0iOP4ti/cLCMUudTf//Mzkb7xNPXIc=' https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; object-src 'none';"
|
|
Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=self, battery=(), bluetooth=(), browsing-topics=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), gamepad=(), geolocation=self, gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-create=self, publickey-credentials-get=self, screen-wake-lock=(), serial=(), speaker-selection=(), storage-access=(), usb=(), web-shared=(), window-management=(), xr-spatial-tracking=(), interest-cohort=()"
|
|
}
|
|
|
|
# Single Page Application (https://caddyserver.com/docs/caddyfile/patterns#single-page-apps-spas)
|
|
handle {
|
|
root * /usr/share/caddy
|
|
encode gzip
|
|
try_files {path} /index.html
|
|
templates /runtime-vars.js {
|
|
mime text/javascript
|
|
}
|
|
file_server
|
|
}
|
|
}
|
|
|
|
# Internal health check
|
|
:8081 {
|
|
# See https://caddyserver.com/docs/caddyfile/options#shutdown-delay
|
|
handle {
|
|
@goingDown vars {http.shutting_down} true
|
|
respond @goingDown "Going down in {http.time_until_shutdown}" 503
|
|
respond "OK" 200
|
|
}
|
|
}
|