Antonio Mika
·
2025-06-17
Caddyfile.pgs
1{
2 on_demand_tls {
3 ask http://web:3000/check
4 }
5 servers {
6 metrics
7 trusted_proxies static 0.0.0.0/0
8 }
9}
10
11# custom domains
12:443 {
13 reverse_proxy web:3000
14 log {
15 format append {
16 server_id {$APP_DOMAIN}
17 }
18 }
19 tls {$APP_EMAIL} {
20 on_demand
21 }
22 encode zstd gzip
23}
24
25# subdomains and root pgs domain
26*.{$APP_DOMAIN}, {$APP_DOMAIN} {
27 reverse_proxy web:3000
28 log {
29 format append {
30 server_id {$APP_DOMAIN}
31 }
32 }
33 tls {$APP_EMAIL} {
34 dns cloudflare {$CF_API_TOKEN}
35 resolvers 1.1.1.1
36 }
37
38 encode zstd gzip
39
40 header {
41 # disable FLoC tracking
42 ?Permissions-Policy interest-cohort=()
43
44 # enable HSTS
45 ?Strict-Transport-Security max-age=31536000;
46
47 # disable clients from sniffing the media type
48 ?X-Content-Type-Options nosniff
49
50 # clickjacking protection
51 ?X-Frame-Options DENY
52
53 # keep referrer data off of HTTP connections
54 ?Referrer-Policy no-referrer-when-downgrade
55
56 ?X-XSS-Protection "1; mode=block"
57 }
58
59 @caddymetrics {
60 host {$APP_DOMAIN}
61 path /_caddy/metrics
62 }
63
64 metrics @caddymetrics {
65 disable_openmetrics
66 }
67
68 @sshmetrics {
69 host {$APP_DOMAIN}
70 path /_ssh/metrics
71 }
72
73 handle @sshmetrics {
74 rewrite * /metrics
75 reverse_proxy ssh:9222
76 }
77
78 @webmetrics {
79 host {$APP_DOMAIN}
80 path /_web/metrics
81 }
82
83 handle @webmetrics {
84 rewrite * /_metrics
85 reverse_proxy web:3000
86 }
87}