Antonio Mika
·
2025-03-07
Caddyfile.auth
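{
	# Global options: collect per-request HTTP metrics for every server
	# defined in this config.
	# NOTE(review): newer Caddy releases document a top-level `metrics`
	# global option as the replacement for this `servers` sub-option.
	# Confirm against the deployed version before changing it.
	servers {
		metrics
	}
}

# Single site block for the apex and every first-level subdomain; requests are
# routed by Host header through the named matchers below. Caddy sorts
# directives by its built-in order rather than file order, so the `handle`
# blocks are evaluated before the bare `respond`, `metrics` and
# `reverse_proxy` lines.
*.pico.sh, pico.sh {
	@auth {
		host auth.pico.sh
	}

	@irc {
		host irc.pico.sh
	}

	# Overlaps with @irc; the `handle @ircmetrics` block below wins for this
	# path because `handle` is ordered ahead of `reverse_proxy`.
	@ircmetrics {
		host irc.pico.sh
		path /_app/metrics
	}

	# Answer every preflight at the proxy. The CORS headers in the `header`
	# block below are attached to this 204 as well.
	@options {
		method OPTIONS
	}
	respond @options 204

	# NOTE(review): none of the three metrics routes (/_caddy/metrics,
	# /_web/metrics, /_app/metrics) carries a client restriction in this file.
	# Unless something outside this file limits access, request and process
	# metrics are readable by anyone who can reach these hosts. Consider
	# adding a `remote_ip` matcher for the scraper's address range, or
	# `basic_auth`, to each metrics matcher.
	@caddymetrics {
		host auth.pico.sh
		path /_caddy/metrics
	}

	# Caddy's own Prometheus endpoint, plain-text exposition format only.
	metrics @caddymetrics {
		disable_openmetrics
	}

	@webmetrics {
		host auth.pico.sh
		path /_web/metrics
	}

	# Public path /_web/metrics is mapped to the upstream's /_metrics.
	handle @webmetrics {
		rewrite * /_metrics
		reverse_proxy auth-web:3000
	}

	reverse_proxy @auth auth-web:3000

	# NOTE(review): `tls_insecure_skip_verify` turns off verification of the
	# upstream certificate, so the hop to bouncer:8080 is encrypted but not
	# authenticated: any certificate presented on that address is accepted.
	# Prefer trusting the bouncer's issuing CA (`tls_trusted_ca_certs`, or
	# `tls_trust_pool` on newer releases) and remove this flag.
	reverse_proxy @irc https://bouncer:8080 {
		transport http {
			tls_insecure_skip_verify
		}
	}

	# Public path /_app/metrics is mapped to the bouncer's /metrics over
	# plain HTTP on port 80.
	handle @ircmetrics {
		rewrite * /metrics
		reverse_proxy bouncer:80
	}

	# Certificates are issued through the DNS challenge with the Cloudflare
	# provider; the ACME e-mail and the API token come from the environment,
	# so no secret is stored in this file. Scope the token to DNS edits on
	# this zone only.
	tls {$APP_EMAIL} {
		dns cloudflare {$CF_API_TOKEN}
		resolvers 1.1.1.1
	}
	encode zstd gzip

	# These response headers apply to every host matched by this site block.
	header {
		# disable FLoC tracking
		Permissions-Policy interest-cohort=()

		# enable HSTS (one year; includeSubDomains and preload are not set)
		Strict-Transport-Security max-age=31536000;

		# disable clients from sniffing the media type
		X-Content-Type-Options nosniff

		# clickjacking protection
		X-Frame-Options DENY

		# keep referrer data off of HTTP connections
		# NOTE(review): the full URL is still sent to cross-origin HTTPS
		# sites; `strict-origin-when-cross-origin` would trim it to the origin.
		Referrer-Policy no-referrer-when-downgrade

		# Scripts fall back to default-src 'self'. Images and stylesheets are
		# allowed from any origin, and inline styles are permitted.
		# NOTE(review): 'unsafe-inline' has no effect in img-src, and
		# `style-src *` lets any origin supply CSS. Narrow both if the
		# pages do not need third-party styles.
		Content-Security-Policy "default-src 'self'; img-src * 'unsafe-inline'; style-src * 'unsafe-inline'"

		# The legacy XSS auditor is explicitly disabled. Current browsers have
		# removed it, and in older ones "1; mode=block" could itself be abused
		# to leak information across sites. The CSP above is the XSS defence.
		X-XSS-Protection "0"

		# CORS: only the chat front end may read responses cross-origin.
		Access-Control-Allow-Origin "https://chat.pico.sh"

		# NOTE(review): the "*" wildcard does not cover the Authorization
		# header and is treated literally for credentialed requests. List the
		# request headers the chat client actually sends. No
		# Access-Control-Allow-Methods is set, so preflighted requests are
		# limited to the CORS-safelisted methods.
		Access-Control-Allow-Headers "*"
	}
}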