
pico services mono repo
git clone https://github.com/picosh/pico.git

Antonio Mika  ·  2025-06-17

Caddyfile.prose

  1{
   	# Global options: on-demand TLS gate, per-server metrics, and proxy trust.
   	# Caddy queries the `ask` endpoint before issuing an on-demand certificate
   	# and proceeds only on a 2xx reply, so web:3000/check is the sole control
   	# on which hostnames can obtain certificates through the :443 site below.
  2	on_demand_tls {
  3		ask http://web:3000/check
  4	}
  5	servers {
  6		metrics
   		# NOTE(review): 0.0.0.0/0 marks every IPv4 peer as a trusted proxy, so
   		# forwarded-for headers sent by any client are accepted when Caddy derives
   		# the client IP and are passed on to upstreams. Logs, rate limits or
   		# allow-lists that key on client IP can then be fed a forged address.
   		# Narrow this to the real front-proxy ranges if there is one; confirm
   		# the deployment topology before changing.
  7		trusted_proxies static 0.0.0.0/0
  8	}
  9}
 10
 11# custom domains
 12:443 {
   	# Catch-all HTTPS site for hostnames not matched by a named site block;
   	# per the comment above, these are customer-supplied custom domains.
   	# All requests are proxied to web:3000.
   	# NOTE(review): unlike the app-domain site, this block sets no default
   	# security headers (HSTS, nosniff, CSP, X-Frame-Options) - confirm the
   	# upstream sets them for custom domains.
 13	reverse_proxy web:3000
 14	log {
   		# Adds a server_id field to each access-log entry.
 15		format append {
 16			server_id {$APP_DOMAIN}
 17		}
 18	}
 19	tls {$APP_EMAIL} {
   		# Certificates are obtained at handshake time; issuance is gated only by
   		# the global on_demand_tls `ask` endpoint.
 20		on_demand
 21	}
 22	encode zstd gzip
 23}
 24
 25# subdomains and root app domain
 26*.{$APP_DOMAIN}, {$APP_DOMAIN} {
   	# Wildcard subdomains plus the root app domain, proxied to web:3000, with
   	# default security headers and three metrics endpoints on the root host.
 27	reverse_proxy web:3000
 28	log {
   		# Adds a server_id field to each access-log entry.
 29		format append {
 30			server_id {$APP_DOMAIN}
 31		}
 32	}
 33	tls {$APP_EMAIL} {
   		# The certificate is issued via a DNS challenge through the Cloudflare
   		# plugin; the API token is read from the environment.
   		# NOTE(review): scope the token to DNS edits on this zone only - confirm.
 34		dns cloudflare {$CF_API_TOKEN}
 35		resolvers 1.1.1.1
 36	}
 37
 38	encode zstd gzip
 39
   	# Every header below uses the `?` prefix: it is set only when the upstream
   	# response does not already carry that header, so the upstream can override
   	# any of these defaults.
 40	header {
 41		# disable FLoC tracking
 42		?Permissions-Policy interest-cohort=()
 43
 44		# enable HSTS
   		# One year, without includeSubDomains or preload; each host covered by
   		# this site block sends the header on its own responses.
 45		?Strict-Transport-Security max-age=31536000;
 46
 47		# disable clients from sniffing the media type
 48		?X-Content-Type-Options nosniff
 49
 50		# clickjacking protection
 51		?X-Frame-Options DENY
 52
 53		# keep referrer data off of HTTP connections
   		# NOTE(review): this policy still sends the full URL (path and query) to
   		# other HTTPS origins; strict-origin-when-cross-origin sends only the
   		# origin cross-site. Consider it if URLs can carry sensitive values.
 54		?Referrer-Policy no-referrer-when-downgrade
 55
   		# default-src 'self' governs scripts and everything not listed. Images may
   		# load from any origin. Styles may load from any origin and inline styles
   		# are allowed. 'unsafe-inline' has no effect in img-src.
   		# NOTE(review): `style-src *` permits third-party stylesheets; tighten if
   		# user-controlled markup is served from these hosts.
 56		?Content-Security-Policy "default-src 'self'; img-src * 'unsafe-inline'; style-src * 'unsafe-inline'"
 57
   		# NOTE(review): legacy header that current browsers ignore. Present-day
   		# guidance is to send "0" or omit it and rely on the CSP above.
 58		?X-XSS-Protection "1; mode=block"
 59	}
 60
   	# The three metrics matchers below test host and path only. No
   	# authentication or source-address restriction is visible in this file.
   	# NOTE(review): unless filtered elsewhere, /_caddy/metrics, /_ssh/metrics
   	# and /_web/metrics are readable by anyone who can reach {$APP_DOMAIN}.
   	# Consider a remote_ip matcher or basic auth. The global trusted_proxies
   	# value is 0.0.0.0/0, so a client_ip match would trust forged
   	# forwarded-for headers.
 61	@caddymetrics {
 62		host {$APP_DOMAIN}
 63		path /_caddy/metrics
 64	}
 65
 66	metrics @caddymetrics {
 67		disable_openmetrics
 68	}
 69
 70	@sshmetrics {
 71		host {$APP_DOMAIN}
 72		path /_ssh/metrics
 73	}
 74
   	# Rewrites the public path to /metrics before proxying to ssh:9222.
 75	handle @sshmetrics {
 76		rewrite * /metrics
 77		reverse_proxy ssh:9222
 78	}
 79
 80	@webmetrics {
 81		host {$APP_DOMAIN}
 82		path /_web/metrics
 83	}
 84
   	# Rewrites the public path to /_metrics before proxying to web:3000.
 85	handle @webmetrics {
 86		rewrite * /_metrics
 87		reverse_proxy web:3000
 88	}
 89}
 90
 91monitoring.{$MONITORING_APP_DOMAIN}, prometheus.{$MONITORING_APP_DOMAIN}, grafana.{$MONITORING_APP_DOMAIN} {
   	# Monitoring front end: grafana.* goes to grafana:3000, prometheus.* goes to
   	# prometheus:9090 behind HTTP basic auth, and monitoring.* serves Caddy's own
   	# metrics at /_caddy/metrics.
 92	@grafana {
 93		host grafana.{$MONITORING_APP_DOMAIN}
 94	}
 95
 96	@prometheus {
 97		host prometheus.{$MONITORING_APP_DOMAIN}
 98	}
 99
100	tls {$MONITORING_APP_EMAIL} {
   		# DNS challenge through the Cloudflare plugin; token read from the environment.
101		dns cloudflare {$CF_API_TOKEN}
102		resolvers 1.1.1.1
103	}
104
105	encode zstd gzip
106
   	# No basic auth is applied to the Grafana host at this layer.
   	# NOTE(review): presumably Grafana's own login is the only gate - confirm
   	# that anonymous access is disabled there.
107	reverse_proxy @grafana grafana:3000
108
   	# Each value is a base64-encoded bcrypt hash; the shared prefix decodes to
   	# "$2a$14$", i.e. cost 14.
   	# NOTE(review): the hashes are committed with the config, so anyone with
   	# read access to the repository can run offline guessing against them.
   	# Consider supplying them through environment placeholders, as is done for
   	# the API token, and rotating these passwords.
   	# NOTE(review): newer Caddy releases spell this directive `basic_auth` and
   	# deprecate `basicauth` - confirm against the deployed version.
109	basicauth @prometheus {
110		eric JDJhJDE0JDdPOXhoNUdhSmNVNDl6UWpmeTE0cWVkLjRwcUNJUnc0dVQ4MTZNSmVaNjA1TlptaVZYY1hh
111		antonio JDJhJDE0JHI5dkVtMW0vcGxIb011OG4vME5HOU91c3U2VjM2QTZiWVpUeXdSbEg3VUtNZVdhN3BRazFH
112		bot JDJhJDE0JFVsRlNHSDlJbFhDeUd0NldRR2JkcGVFYUJtWGluTHZDVlc5L3QwNWNwWUMuODRlcXZNZHpT
113	}
114	reverse_proxy @prometheus prometheus:9090
115
   	# The matcher tests host and path only.
   	# NOTE(review): no authentication or source-address restriction is visible
   	# for this metrics endpoint - confirm it is filtered elsewhere or add one.
116	@caddymetrics {
117		host monitoring.{$MONITORING_APP_DOMAIN}
118		path /_caddy/metrics
119	}
120
121	metrics @caddymetrics {
122		disable_openmetrics
123	}
124}