2022-08-27 03:54:29 +00:00
|
|
|
{
|
|
|
|
# fly.io handles HTTPS for us
|
|
|
|
auto_https off
|
|
|
|
}
|
|
|
|
|
|
|
|
http://static-mat-services.fly.dev {
|
2022-08-28 01:58:45 +00:00
|
|
|
redir https://mat.services
|
2022-08-27 03:54:29 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
:8080 {
|
2022-08-27 19:08:42 +00:00
|
|
|
root * {$SITE_ROOT}
|
2022-08-27 03:54:29 +00:00
|
|
|
encode gzip
|
|
|
|
file_server
|
|
|
|
|
|
|
|
handle_errors {
|
|
|
|
@404 {
|
|
|
|
expression {http.error.status_code} == 404
|
|
|
|
}
|
|
|
|
rewrite @404 /404.html
|
|
|
|
file_server
|
|
|
|
}
|
|
|
|
|
|
|
|
header {
|
|
|
|
# disable FLoC tracking
|
|
|
|
Permissions-Policy interest-cohort=()
|
|
|
|
# enable HSTS
|
|
|
|
# currently ramping up max-age as per https://hstspreload.org/
|
2022-08-28 06:41:20 +00:00
|
|
|
Strict-Transport-Security max-age=2592000; includeSubDomains
|
2022-08-27 03:54:29 +00:00
|
|
|
# disable clients from sniffing the media type
|
|
|
|
X-Content-Type-Options nosniff
|
|
|
|
# clickjacking protection
|
|
|
|
X-Frame-Options DENY
|
|
|
|
# keep referrer data off of HTTP connections
|
|
|
|
Referrer-Policy no-referrer
|
|
|
|
# content security policy
|
|
|
|
# style-src 'unsafe-inline': syntax highlighting in codefences
|
|
|
|
# sandbox allow-popups: enable target="_blank" links to open in new tabs
|
|
|
|
Content-Security-Policy "default-src 'none';
|
2022-09-06 04:36:55 +00:00
|
|
|
img-src 'self' https://stats.mat.services;
|
2022-08-27 03:54:29 +00:00
|
|
|
style-src 'self' 'unsafe-inline';
|
|
|
|
font-src 'self';
|
2022-09-06 04:36:55 +00:00
|
|
|
script-src 'self' https://stats.mat.services;
|
2022-08-27 03:54:29 +00:00
|
|
|
form-action 'none';
|
|
|
|
frame-ancestors 'none';
|
|
|
|
base-uri 'none';
|
|
|
|
upgrade-insecure-requests;
|
2022-09-06 04:36:55 +00:00
|
|
|
sandbox
|
|
|
|
allow-same-origin
|
|
|
|
allow-scripts
|
|
|
|
allow-popups
|
|
|
|
allow-popups-to-escape-sandbox"
|
2022-08-27 03:54:29 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
# caching
|
2022-09-06 04:36:55 +00:00
|
|
|
@static {
|
2022-09-16 16:31:23 +00:00
|
|
|
path *.bmp *.jpg *.png *.svg *.gif *.pdf *.css *.js *.woff *.woff2 /style/* /font/* /image/*
|
2022-09-06 04:36:55 +00:00
|
|
|
}
|
2022-08-27 03:54:29 +00:00
|
|
|
route {
|
2022-09-06 04:36:55 +00:00
|
|
|
header @static Cache-Control max-age=31536000, immutable
|
2022-09-16 16:31:23 +00:00
|
|
|
header *.xml Cache-Control max-age=0
|
|
|
|
header ?Cache-Control max-age=360
|
2022-08-27 03:54:29 +00:00
|
|
|
}
|
|
|
|
}
|