jolheiser
·
2025-04-05
Caddyfile
1{$APP_DOMAIN} {
2 reverse_proxy web:3000
3 tls {$APP_EMAIL} {
4 dns cloudflare {$CF_API_TOKEN}
5 resolvers 1.1.1.1
6 }
7 encode zstd gzip
8
9 header {
10 # disable FLoC tracking
11 Permissions-Policy interest-cohort=()
12
13 # enable HSTS
14 Strict-Transport-Security max-age=31536000;
15
16 # disable clients from sniffing the media type
17 X-Content-Type-Options nosniff
18
19 # clickjacking protection
20 X-Frame-Options DENY
21
22 # keep referrer data off of HTTP connections
23 Referrer-Policy no-referrer-when-downgrade
24
25 Content-Security-Policy "default-src 'self'; img-src * 'unsafe-inline'; style-src * 'unsafe-inline'"
26
27 X-XSS-Protection "1; mode=block"
28 }
29
30 @caddymetrics {
31 host {$APP_DOMAIN}
32 path /_caddy/metrics
33 }
34
35 metrics @caddymetrics {
36 disable_openmetrics
37 }
38
39 @appmetrics {
40 host {$APP_DOMAIN}
41 path /_app/metrics
42 }
43
44 handle @appmetrics {
45 rewrite * /metrics
46 reverse_proxy ssh:9222
47 }
48}
49
50:443 {
51 reverse_proxy git-web:3000
52 encode zstd gzip
53}