Antonio Mika
·
2025-03-07
Caddyfile
1{
2 on_demand_tls {
3 ask http://web:3000/check
4 }
5 servers {
6 metrics
7 }
8}
9
10*.{$APP_DOMAIN}, {$APP_DOMAIN} {
11 reverse_proxy web:3000
12 log {
13 format append {
14 server_id {$APP_DOMAIN}
15 }
16 }
17 tls {$APP_EMAIL} {
18 dns cloudflare {$CF_API_TOKEN}
19 resolvers 1.1.1.1
20 }
21 encode zstd gzip
22
23 header {
24 # disable FLoC tracking
25 Permissions-Policy interest-cohort=()
26
27 # enable HSTS
28 Strict-Transport-Security max-age=31536000;
29
30 # disable clients from sniffing the media type
31 X-Content-Type-Options nosniff
32
33 # clickjacking protection
34 X-Frame-Options DENY
35
36 # keep referrer data off of HTTP connections
37 Referrer-Policy no-referrer-when-downgrade
38
39 Content-Security-Policy "default-src 'self'; img-src * 'unsafe-inline'; style-src * 'unsafe-inline'"
40
41 X-XSS-Protection "1; mode=block"
42 }
43
44 @caddymetrics {
45 host {$APP_DOMAIN}
46 path /_caddy/metrics
47 }
48
49 metrics @caddymetrics {
50 disable_openmetrics
51 }
52
53 @sshmetrics {
54 host {$APP_DOMAIN}
55 path /_ssh/metrics
56 }
57
58 handle @sshmetrics {
59 rewrite * /metrics
60 reverse_proxy ssh:9222
61 }
62
63 @webmetrics {
64 host {$APP_DOMAIN}
65 path /_web/metrics
66 }
67
68 handle @webmetrics {
69 rewrite * /_metrics
70 reverse_proxy web:3000
71 }
72}
73
74:443 {
75 reverse_proxy web:3000
76 log {
77 format append {
78 server_id {$APP_DOMAIN}
79 }
80 }
81 tls {$APP_EMAIL} {
82 on_demand
83 }
84 encode zstd gzip
85}