Maurice/alpine-server-setup
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2a519e980804f84ead170f79323e9e1b2284ab21
alpine-server-setup/services/caddy/Caddyfile
Maurice 0a87de85d1 Fix
2025-10-03 16:28:04 +02:00

53 lines
1.5 KiB
Caddyfile
Raw Blame History

# https://hackviser.com/tactics/hardening/caddy
{
auto_https disable_redirects
# Do not write access logs to journald.
log {
exclude http.log.access
}
# Write access logs to the logs volume in JSON format. Only keep logs for the last 30 days.
log access {
format json
output file /data/logs/access.log {
roll_keep_for 720h
}
}
}
# Block with default HTTP config that redirects to HTTPS
(https-redir) {
bind 0.0.0.0:80 # Listen on port 80 (HTTP)
redir https://{host}{uri} 308
}
# Block with default HTTPS config that accepts requests on port 443 (HTTP/1, HTTP/2, and HTTP/3)
(https) {
bind 0.0.0.0:443 # Listen on port 443 (HTTPS)
}
# Block with compression configuration.
(compression) {
encode zstd gzip
}
# Block with headers that should be used by most sites. Add HSTS and other security headers.
# Remove the server header because without it caddy
# leaks the backend server version.
# https://scotthelme.co.uk/a-new-security-header-referrer-policy/
# https://scotthelme.co.uk/content-security-policy-an-introduction/
(default-headers) {
header {
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
Content-Security-Policy default-src 'self'; img-src 'self' data:; script-src 'self'; style-src 'self' 'unsafe-inline';
Referrer-Policy: same-origin
-Server
-X-Powered-By
}
}
import *.caddy
Reference in New Issue View Git Blame Copy Permalink