Use SITE_ROOT

main
mat ess 2022-08-28 14:57:10 -04:00
parent 3f5e9edfbe
commit c78f4efc98
4 changed files with 50 additions and 43 deletions

1
.gitignore vendored
View File

@ -1 +1,2 @@
.nvimlog
*.priv.*

View File

@ -3,12 +3,12 @@
auto_https off
}
http://static-mat-services.fly.dev/ {
redir https://mat.services/
http://static-mat-services.fly.dev {
redir https://mat.services
}
:8080 {
root * /var/www
root * {$SITE_ROOT}
encode gzip
file_server
@ -20,12 +20,16 @@ http://static-mat-services.fly.dev/ {
file_server
}
log {
output stdout
}
header {
# disable FLoC tracking
Permissions-Policy interest-cohort=()
# enable HSTS
# currently ramping up max-age as per https://hstspreload.org/
Strict-Transport-Security max-age=604800; includeSubDomains
Strict-Transport-Security max-age=2592000; includeSubDomains
# disable clients from sniffing the media type
X-Content-Type-Options nosniff
# clickjacking protection
@ -37,8 +41,9 @@ http://static-mat-services.fly.dev/ {
# sandbox allow-popups: enable target="_blank" links to open in new tabs
Content-Security-Policy "default-src 'none';
img-src 'self';
style-src 'self' https://cdn.jsdelivr.net/ 'unsafe-inline';
font-src 'self' https://cdn.jsdelivr.net/;
style-src 'self' 'unsafe-inline';
font-src 'self';
script-src 'self';
form-action 'none';
frame-ancestors 'none';
base-uri 'none';
@ -54,4 +59,3 @@ http://static-mat-services.fly.dev/ {
header Cache-Control max-age=180
}
}

View File

@ -8,6 +8,8 @@ RUN nix \
FROM caddy:latest
ENV SITE_ROOT /var/www
COPY Caddyfile /etc/caddy/Caddyfile
COPY --from=0 /code/result /var/www
COPY --from=0 /code/result ${SITE_ROOT}
RUN caddy

View File

@ -5,7 +5,7 @@ kill_signal = "SIGINT"
kill_timeout = 5
processes = []
[[env]]
[env]
[experimental]
allowed_public_ports = []