mat.services/Caddyfile

64 lines
1.6 KiB
Caddyfile
Raw Normal View History

{
# fly.io handles HTTPS for us
auto_https off
}
http://static-mat-services.fly.dev {
redir https://mat.services
}
:8080 {
2022-08-27 19:08:42 +00:00
root * {$SITE_ROOT}
encode gzip
file_server
handle_errors {
@404 {
expression {http.error.status_code} == 404
}
rewrite @404 /404.html
file_server
}
header {
# disable FLoC tracking
Permissions-Policy interest-cohort=()
# enable HSTS
# currently ramping up max-age as per https://hstspreload.org/
2022-08-28 06:41:20 +00:00
Strict-Transport-Security max-age=2592000; includeSubDomains
# disable clients from sniffing the media type
X-Content-Type-Options nosniff
# clickjacking protection
X-Frame-Options DENY
# keep referrer data off of HTTP connections
Referrer-Policy no-referrer
# content security policy
# style-src 'unsafe-inline': syntax highlighting in codefences
# sandbox allow-popups: enable target="_blank" links to open in new tabs
Content-Security-Policy "default-src 'none';
2022-09-06 04:36:55 +00:00
img-src 'self' https://stats.mat.services;
style-src 'self' 'unsafe-inline';
font-src 'self';
2022-09-06 04:36:55 +00:00
script-src 'self' https://stats.mat.services;
form-action 'none';
frame-ancestors 'none';
base-uri 'none';
upgrade-insecure-requests;
2022-09-06 04:36:55 +00:00
sandbox
allow-same-origin
allow-scripts
allow-popups
allow-popups-to-escape-sandbox"
}
# caching
2022-09-06 04:36:55 +00:00
@static {
2022-09-16 16:31:23 +00:00
path *.bmp *.jpg *.png *.svg *.gif *.pdf *.css *.js *.woff *.woff2 /style/* /font/* /image/*
2022-09-06 04:36:55 +00:00
}
route {
2022-09-06 04:36:55 +00:00
header @static Cache-Control max-age=31536000, immutable
2022-09-16 16:31:23 +00:00
header *.xml Cache-Control max-age=0
header ?Cache-Control max-age=360
}
}