mat.services/Caddyfile

{
	# fly.io handles HTTPS for us
	auto_https off
}

http://static-mat-services.fly.dev {
	redir https://mat.services
}

:8080 {
	root * {$SITE_ROOT}
	encode gzip
	file_server

	handle_errors {
		@404 {
			expression {http.error.status_code} == 404
		}
		rewrite @404 /404.html
		file_server
	}

	header {
		# disable FLoC tracking
		Permissions-Policy interest-cohort=()
		# enable HSTS
		# currently ramping up max-age as per https://hstspreload.org/
		Strict-Transport-Security max-age=2592000; includeSubDomains
		# disable clients from sniffing the media type
		X-Content-Type-Options nosniff
		# clickjacking protection
		X-Frame-Options DENY
		# keep referrer data off of HTTP connections
		Referrer-Policy no-referrer
		# content security policy
		# style-src 'unsafe-inline': syntax highlighting in codefences
		# sandbox allow-popups: enable target="_blank" links to open in new tabs
		Content-Security-Policy "default-src 'none';
      img-src 'self' https://stats.mat.services;
      style-src 'self' 'unsafe-inline';
      font-src 'self';
			script-src 'self' https://stats.mat.services;
      form-action 'none';
      frame-ancestors 'none';
      base-uri 'none';
      upgrade-insecure-requests;
      sandbox
				allow-same-origin
				allow-scripts
				allow-popups 
				allow-popups-to-escape-sandbox"
	}

	# caching
	@static {
		path *.bmp *.jpg *.png *.svg *.gif *.pdf *.css *.js *.woff *.woff2 /style/* /font/* /image/*
	}
	route {
		header @static Cache-Control max-age=31536000, immutable
		header *.xml Cache-Control max-age=0
		header ?Cache-Control max-age=360
	}
}
Update deployment + woodpecker pipeline 2022-08-27 03:54:29 +00:00			`{`
			`# fly.io handles HTTPS for us`
			`auto_https off`
			`}`

			`http://static-mat-services.fly.dev {`
"docker" -> "container", add blog draft 2022-08-28 01:58:45 +00:00			`redir https://mat.services`
Update deployment + woodpecker pipeline 2022-08-27 03:54:29 +00:00			`}`

			`:8080 {`
Rework nix + docker 2022-08-27 19:08:42 +00:00			`root * {$SITE_ROOT}`
Update deployment + woodpecker pipeline 2022-08-27 03:54:29 +00:00			`encode gzip`
			`file_server`

			`handle_errors {`
			`@404 {`
			`expression {http.error.status_code} == 404`
			`}`
			`rewrite @404 /404.html`
			`file_server`
			`}`

			`header {`
			`# disable FLoC tracking`
			`Permissions-Policy interest-cohort=()`
			`# enable HSTS`
			`# currently ramping up max-age as per https://hstspreload.org/`
Add privacy, rework some css 2022-08-28 06:41:20 +00:00			`Strict-Transport-Security max-age=2592000; includeSubDomains`
Update deployment + woodpecker pipeline 2022-08-27 03:54:29 +00:00			`# disable clients from sniffing the media type`
			`X-Content-Type-Options nosniff`
			`# clickjacking protection`
			`X-Frame-Options DENY`
			`# keep referrer data off of HTTP connections`
			`Referrer-Policy no-referrer`
			`# content security policy`
			`# style-src 'unsafe-inline': syntax highlighting in codefences`
			`# sandbox allow-popups: enable target="_blank" links to open in new tabs`
			`Content-Security-Policy "default-src 'none';`
Attempt to get Docker build working 2022-09-06 04:36:55 +00:00			`img-src 'self' https://stats.mat.services;`
Update deployment + woodpecker pipeline 2022-08-27 03:54:29 +00:00			`style-src 'self' 'unsafe-inline';`
			`font-src 'self';`
Attempt to get Docker build working 2022-09-06 04:36:55 +00:00			`script-src 'self' https://stats.mat.services;`
Update deployment + woodpecker pipeline 2022-08-27 03:54:29 +00:00			`form-action 'none';`
			`frame-ancestors 'none';`
			`base-uri 'none';`
			`upgrade-insecure-requests;`
Attempt to get Docker build working 2022-09-06 04:36:55 +00:00			`sandbox`
			`allow-same-origin`
			`allow-scripts`
			`allow-popups`
			`allow-popups-to-escape-sandbox"`
Update deployment + woodpecker pipeline 2022-08-27 03:54:29 +00:00			`}`

			`# caching`
Attempt to get Docker build working 2022-09-06 04:36:55 +00:00			`@static {`
Update meta links 2022-09-16 16:31:23 +00:00			`path .bmp .jpg .png .svg .gif .pdf .css .js .woff .woff2 /style/* /font/* /image/*`
Attempt to get Docker build working 2022-09-06 04:36:55 +00:00			`}`
Update deployment + woodpecker pipeline 2022-08-27 03:54:29 +00:00			`route {`
Attempt to get Docker build working 2022-09-06 04:36:55 +00:00			`header @static Cache-Control max-age=31536000, immutable`
Update meta links 2022-09-16 16:31:23 +00:00			`header *.xml Cache-Control max-age=0`
			`header ?Cache-Control max-age=360`
Update deployment + woodpecker pipeline 2022-08-27 03:54:29 +00:00			`}`
			`}`