Antonio Mika
·
2025-06-17
Caddyfile
# Global options shared by every site block below.
{
	# On-demand TLS gate: before obtaining a certificate for a hostname it has
	# not served yet, Caddy queries this endpoint with the hostname and only
	# proceeds on a 2xx answer. This check is the only thing that stops arbitrary
	# hostnames pointed at this server from triggering certificate issuance, so
	# /check must approve only domains the application has registered.
	on_demand_tls {
		ask http://web:3000/check
	}

	servers {
		# Enable HTTP metrics collection for the servers.
		metrics

		# NOTE(review): 0.0.0.0/0 marks every IPv4 peer as a trusted proxy, so
		# X-Forwarded-* headers sent by any client are believed. The client IP
		# that Caddy logs, exposes as {client_ip}, matches with `client_ip`, and
		# forwards upstream in X-Forwarded-For is then attacker-controlled for
		# any rate limit, allow-list or audit trail that relies on it.
		# Narrow this to the CIDRs of the load balancer / CDN that actually
		# fronts Caddy (e.g. `trusted_proxies static <PROXY_CIDR_PLACEHOLDER>`),
		# or drop the directive if clients connect directly.
		trusted_proxies static 0.0.0.0/0
	}
}
# Custom domains: catch-all HTTPS listener for any hostname not matched by a
# more specific site block.
:443 {
	# Certificates are obtained at handshake time (on-demand TLS), with
	# {$APP_EMAIL} as the ACME account contact. Issuance for an unknown hostname
	# is gated by the `ask` endpoint configured in the global options block.
	tls {$APP_EMAIL} {
		on_demand
	}

	# Access log; every entry gets an extra server_id field holding the app
	# domain.
	log {
		format append {
			server_id {$APP_DOMAIN}
		}
	}

	encode zstd gzip

	# NOTE(review): unlike the app-domain site block, no security response
	# headers (HSTS, X-Content-Type-Options, CSP, ...) are set here, so custom
	# domains rely entirely on whatever the upstream sends. Confirm this is
	# intentional.
	reverse_proxy web:3000
}
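# Subdomains and root app domain.
*.{$APP_DOMAIN}, {$APP_DOMAIN} {
	reverse_proxy web:3000

	# Access log; every entry gets an extra server_id field holding the app
	# domain.
	log {
		format append {
			server_id {$APP_DOMAIN}
		}
	}

	# Wildcard certificates require the ACME DNS-01 challenge, solved here via
	# the Cloudflare DNS plugin (Caddy must be built with that module).
	# {$CF_API_TOKEN} can edit DNS records: scope the token to this zone's DNS
	# only and keep it out of images, logs and version control.
	tls {$APP_EMAIL} {
		dns cloudflare {$CF_API_TOKEN}
		resolvers 1.1.1.1
	}

	encode zstd gzip

	header {
		# disable FLoC tracking
		Permissions-Policy interest-cohort=()

		# enable HSTS
		# No includeSubDomains here; add it only once every host under the
		# domain is HTTPS-only.
		Strict-Transport-Security max-age=31536000;

		# disable clients from sniffing the media type
		X-Content-Type-Options nosniff

		# clickjacking protection
		X-Frame-Options DENY

		# keep referrer data off of HTTP connections
		# NOTE(review): full URLs (path and query) are still sent to other HTTPS
		# origins; strict-origin-when-cross-origin avoids that if it is not
		# needed.
		Referrer-Policy no-referrer-when-downgrade

		# NOTE(review): scripts fall back to default-src 'self'. 'unsafe-inline'
		# has no effect in img-src, and style-src allows any origin plus inline
		# styles. base-uri and frame-ancestors do not fall back to default-src
		# and are not set.
		Content-Security-Policy "default-src 'self'; img-src * 'unsafe-inline'; style-src * 'unsafe-inline'"

		# The legacy XSS auditor this header controlled has been removed from
		# current browsers, and "1; mode=block" could itself be abused in older
		# ones. Disable it explicitly and rely on the CSP above.
		X-XSS-Protection 0
	}

	# NOTE(review): the three metrics routes below are matched on host and path
	# only. Nothing visible here requires authentication or restricts the
	# source address, so anyone who can reach {$APP_DOMAIN} can read Caddy, ssh
	# and web metrics. Consider a `remote_ip` condition in each matcher,
	# `basic_auth`, or a listener that is not publicly reachable. A `client_ip`
	# matcher would not help while trusted_proxies is 0.0.0.0/0, because the
	# forwarded address is client-supplied.

	# Caddy's own Prometheus metrics.
	@caddymetrics {
		host {$APP_DOMAIN}
		path /_caddy/metrics
	}

	metrics @caddymetrics {
		disable_openmetrics
	}

	# Metrics of the ssh service, exposed as /_ssh/metrics.
	@sshmetrics {
		host {$APP_DOMAIN}
		path /_ssh/metrics
	}

	handle @sshmetrics {
		rewrite * /metrics
		reverse_proxy ssh:9222
	}

	# Metrics of the web service, exposed as /_web/metrics.
	@webmetrics {
		host {$APP_DOMAIN}
		path /_web/metrics
	}

	handle @webmetrics {
		rewrite * /_metrics
		reverse_proxy web:3000
	}
}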