- commit
- 6f838d2
- parent
- a5dd2ed
- author
- Eric Bower
- date
- 2025-01-29 20:14:26 -0500 EST
chore: docker-compose.prod-irc.yml
2 files changed,
+2,
-53
+0,
-49
1@@ -4,55 +4,6 @@
2 }
3 }
4
5-*.{$APP_DOMAIN}, {$APP_DOMAIN} {
6- reverse_proxy web:3000
7- tls {$APP_EMAIL} {
8- dns cloudflare {$CF_API_TOKEN}
9- resolvers 1.1.1.1
10- }
11- encode zstd gzip
12-
13- header {
14- # disable FLoC tracking
15- Permissions-Policy interest-cohort=()
16-
17- # enable HSTS
18- Strict-Transport-Security max-age=31536000;
19-
20- # disable clients from sniffing the media type
21- X-Content-Type-Options nosniff
22-
23- # clickjacking protection
24- X-Frame-Options DENY
25-
26- # keep referrer data off of HTTP connections
27- Referrer-Policy no-referrer-when-downgrade
28-
29- Content-Security-Policy "default-src 'self'; img-src * 'unsafe-inline'; style-src * 'unsafe-inline'"
30-
31- X-XSS-Protection "1; mode=block"
32- }
33-
34- @caddymetrics {
35- host {$APP_DOMAIN}
36- path /_caddy/metrics
37- }
38-
39- metrics @caddymetrics {
40- disable_openmetrics
41- }
42-
43- @appmetrics {
44- host {$APP_DOMAIN}
45- path /_app/metrics
46- }
47-
48- handle @appmetrics {
49- rewrite * /metrics
50- reverse_proxy ssh:9222
51- }
52-}
53-
54 *.pico.sh, pico.sh {
55 @auth {
56 host auth.pico.sh
+2,
-4
1@@ -4,11 +4,9 @@ services:
2 restart: always
3 networks:
4 - auth
5- - ${AUTH_NETWORK}
6 env_file:
7 - .env.prod
8 environment:
9- APP_DOMAIN: imgs.sh
10 APP_EMAIL: hello@pico.sh
11 volumes:
12 - ./caddy/Caddyfile.auth:/etc/caddy/Caddyfile
13@@ -23,7 +21,7 @@ services:
14 volumes:
15 - ./data/auth-web/data:/app/ssh_data
16 networks:
17- - ${AUTH_NETWORK}
18+ - auth
19 env_file:
20 - .env.prod
21 bouncer-prom-proxy:
22@@ -37,7 +35,7 @@ services:
23 - all
24 bouncer:
25 networks:
26- - ${AUTH_NETWORK}
27+ - auth
28 env_file:
29 - .env.prod
30 ports: