Use SITE_ROOT
parent
3f5e9edfbe
commit
c78f4efc98
|
@ -1 +1,2 @@
|
|||
.nvimlog
|
||||
*.priv.*
|
|
@ -3,12 +3,12 @@
|
|||
auto_https off
|
||||
}
|
||||
|
||||
http://static-mat-services.fly.dev/ {
|
||||
redir https://mat.services/
|
||||
http://static-mat-services.fly.dev {
|
||||
redir https://mat.services
|
||||
}
|
||||
|
||||
:8080 {
|
||||
root * /var/www
|
||||
root * {$SITE_ROOT}
|
||||
encode gzip
|
||||
file_server
|
||||
|
||||
|
@ -20,12 +20,16 @@ http://static-mat-services.fly.dev/ {
|
|||
file_server
|
||||
}
|
||||
|
||||
log {
|
||||
output stdout
|
||||
}
|
||||
|
||||
header {
|
||||
# disable FLoC tracking
|
||||
Permissions-Policy interest-cohort=()
|
||||
# enable HSTS
|
||||
# currently ramping up max-age as per https://hstspreload.org/
|
||||
Strict-Transport-Security max-age=604800; includeSubDomains
|
||||
Strict-Transport-Security max-age=2592000; includeSubDomains
|
||||
# disable clients from sniffing the media type
|
||||
X-Content-Type-Options nosniff
|
||||
# clickjacking protection
|
||||
|
@ -37,8 +41,9 @@ http://static-mat-services.fly.dev/ {
|
|||
# sandbox allow-popups: enable target="_blank" links to open in new tabs
|
||||
Content-Security-Policy "default-src 'none';
|
||||
img-src 'self';
|
||||
style-src 'self' https://cdn.jsdelivr.net/ 'unsafe-inline';
|
||||
font-src 'self' https://cdn.jsdelivr.net/;
|
||||
style-src 'self' 'unsafe-inline';
|
||||
font-src 'self';
|
||||
script-src 'self';
|
||||
form-action 'none';
|
||||
frame-ancestors 'none';
|
||||
base-uri 'none';
|
||||
|
@ -54,4 +59,3 @@ http://static-mat-services.fly.dev/ {
|
|||
header Cache-Control max-age=180
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -8,6 +8,8 @@ RUN nix \
|
|||
|
||||
FROM caddy:latest
|
||||
|
||||
ENV SITE_ROOT /var/www
|
||||
|
||||
COPY Caddyfile /etc/caddy/Caddyfile
|
||||
COPY --from=0 /code/result /var/www
|
||||
COPY --from=0 /code/result ${SITE_ROOT}
|
||||
RUN caddy
|
|
@ -5,7 +5,7 @@ kill_signal = "SIGINT"
|
|||
kill_timeout = 5
|
||||
processes = []
|
||||
|
||||
[[env]]
|
||||
[env]
|
||||
|
||||
[experimental]
|
||||
allowed_public_ports = []
|
||||
|
|
Loading…
Reference in New Issue