
pico services mono repo
git clone https://github.com/picosh/pico.git

pico / caddy
Antonio Mika  ·  2025-07-10

Caddyfile.prose

  1{
  2	on_demand_tls {
  3		ask http://web:3000/check
  4	}
  5	servers {
  6		metrics
  7		trusted_proxies static 0.0.0.0/0
  8	}
  9}
 10
 11# custom domains
 12:443 {
 13	reverse_proxy web:3000
 14	log {
 15		format append {
 16			server_id {$APP_DOMAIN}
 17		}
 18	}
 19	tls {$APP_EMAIL} {
 20		on_demand
 21	}
 22	encode zstd gzip
 23}
 24
 25# subdomains and root app domain
 26*.{$APP_DOMAIN}, {$APP_DOMAIN} {
 27	reverse_proxy web:3000
 28	log {
 29		format append {
 30			server_id {$APP_DOMAIN}
 31		}
 32	}
 33	tls {$APP_EMAIL} {
 34		dns cloudflare {$CF_API_TOKEN}
 35		resolvers 1.1.1.1
 36	}
 37
 38	encode zstd gzip
 39
 40	header {
 41		# disable FLoC tracking
 42		?Permissions-Policy interest-cohort=()
 43
 44		# enable HSTS
 45		?Strict-Transport-Security max-age=31536000;
 46
 47		# disable clients from sniffing the media type
 48		?X-Content-Type-Options nosniff
 49
 50		# clickjacking protection
 51		?X-Frame-Options DENY
 52
 53		# keep referrer data off of HTTP connections
 54		?Referrer-Policy no-referrer-when-downgrade
 55
 56		?Content-Security-Policy "default-src 'self'; img-src * 'unsafe-inline'; style-src * 'unsafe-inline'"
 57
 58		?X-XSS-Protection "1; mode=block"
 59	}
 60
 61	@caddymetrics {
 62		host {$APP_DOMAIN}
 63		path /_caddy/metrics
 64	}
 65
 66	metrics @caddymetrics {
 67		disable_openmetrics
 68	}
 69
 70	@sshmetrics {
 71		host {$APP_DOMAIN}
 72		path /_ssh/metrics
 73	}
 74
 75	handle @sshmetrics {
 76		rewrite * /metrics
 77		reverse_proxy ssh:9222
 78	}
 79
 80	@webmetrics {
 81		host {$APP_DOMAIN}
 82		path /_web/metrics
 83	}
 84
 85	handle @webmetrics {
 86		rewrite * /_metrics
 87		reverse_proxy web:3000
 88	}
 89
 90	@imgproxymetrics {
 91		host {$APP_DOMAIN}
 92		path /_imgproxy/metrics
 93	}
 94
 95	handle @imgproxymetrics {
 96		rewrite * /metrics
 97		reverse_proxy imgproxy:8081
 98	}
 99}
100
# Monitoring hosts: grafana.* and prometheus.* are proxied to their services,
# and monitoring.* serves Caddy's own metrics.
monitoring.{$MONITORING_APP_DOMAIN}, prometheus.{$MONITORING_APP_DOMAIN}, grafana.{$MONITORING_APP_DOMAIN} {
	# Certificates are issued through the DNS challenge.
	tls {$MONITORING_APP_EMAIL} {
		dns cloudflare {$CF_API_TOKEN}
		resolvers 1.1.1.1
	}

	encode zstd gzip

	@grafana {
		host grafana.{$MONITORING_APP_DOMAIN}
	}

	@prometheus {
		host prometheus.{$MONITORING_APP_DOMAIN}
	}

	@caddymetrics {
		host monitoring.{$MONITORING_APP_DOMAIN}
		path /_caddy/metrics
	}

	# Grafana gets no proxy-level authentication here, so access control
	# rests entirely on Grafana's own login.
	reverse_proxy @grafana grafana:3000

	# Prometheus is protected by HTTP basic auth. The values are
	# base64-encoded bcrypt hashes ($2a$, cost 14).
	# NOTE(review): the hashes are committed with the config, so anyone with
	# read access to the repository can run offline guessing against them.
	# Loading them from the environment, as this file already does for
	# {$CF_API_TOKEN}, keeps them out of version control; the passwords
	# should be long and random either way.
	# NOTE(review): Caddy 2.8 renamed this directive to `basic_auth` and
	# deprecated the old spelling; confirm which version is deployed.
	basicauth @prometheus {
		eric JDJhJDE0JDdPOXhoNUdhSmNVNDl6UWpmeTE0cWVkLjRwcUNJUnc0dVQ4MTZNSmVaNjA1TlptaVZYY1hh
		antonio JDJhJDE0JHI5dkVtMW0vcGxIb011OG4vME5HOU91c3U2VjM2QTZiWVpUeXdSbEg3VUtNZVdhN3BRazFH
		bot JDJhJDE0JFVsRlNHSDlJbFhDeUd0NldRR2JkcGVFYUJtWGluTHZDVlc5L3QwNWNwWUMuODRlcXZNZHpT
	}
	reverse_proxy @prometheus prometheus:9090

	# Caddy's metrics on the monitoring host.
	# NOTE(review): this route is not covered by the basic auth above; if the
	# host is reachable from the internet, the metrics are too.
	metrics @caddymetrics {
		disable_openmetrics
	}
}