fly-apps/static/Caddyfile

50 lines
1.3 KiB
Caddyfile
Raw Normal View History

2022-08-09 04:31:25 +00:00
{
# fly.io handles HTTPS for us
auto_https off
}
http://static-mat-services.fly.dev/ {
redir https://mat.services/
}
:8080 {
root * /var/www
2022-08-13 04:48:18 +00:00
encode gzip
2022-08-09 04:31:25 +00:00
file_server
2022-08-10 04:20:12 +00:00
handle_errors {
@404 {
expression {http.error.status_code} == 404
}
rewrite @404 /404.html
file_server
}
2022-08-13 04:48:18 +00:00
header {
# disable FLoC tracking
Permissions-Policy interest-cohort=()
# enable HSTS
# currently ramping up max-age as per https://hstspreload.org/
Strict-Transport-Security max-age=300; includeSubDomains
# disable clients from sniffing the media type
X-Content-Type-Options nosniff
# clickjacking protection
X-Frame-Options DENY
# keep referrer data off of HTTP connections
Referrer-Policy strict-origin-when-cross-origin
# content security policy
2022-08-13 12:47:41 +00:00
# style-src 'unsafe-inline': syntax highlighting in codefences
# sandbox allow-popups: enable target="_blank" links to open in new tabs
2022-08-13 04:48:18 +00:00
Content-Security-Policy "default-src 'none';
img-src 'self';
2022-08-13 05:08:48 +00:00
style-src 'self' https://cdn.jsdelivr.net/ 'unsafe-inline';
2022-08-13 04:53:29 +00:00
font-src 'self' https://cdn.jsdelivr.net/;
2022-08-13 05:12:32 +00:00
form-action 'none';
2022-08-13 04:48:18 +00:00
frame-ancestors 'none';
base-uri 'none';
upgrade-insecure-requests;
2022-08-13 12:47:41 +00:00
sandbox allow-same-origin allow-popups"
2022-08-13 04:48:18 +00:00
}
2022-08-13 12:41:56 +00:00
}