Skip to content
Permalink
master
Switch branches/tags
Go to file
 
 
Cannot retrieve contributors at this time
{%SITE%} {
tls {%EMAIL%}
gzip
push
timeouts {
read 30s
header 30s
write 30s
idle 1m
}
# https://ammobin.now.sh (out of date)
proxy / client:3000 https://ammobin-client.herokuapp.com https://ammobin.netlify.com {
policy first
fail_timeout 1s
max_fails 5
try_duration 1s
health_check /ping
}
proxy /images images:8080 {
transparent
without /images
fail_timeout 3s
header_downstream Cache-Control max-age=31536000
}
proxy /api api:8080 {
transparent
websocket
without /api
}
header / {
# Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
Strict-Transport-Security "max-age=31536000;"
# Enable cross-site filter (XSS) and tell browser to block detected attacks
X-XSS-Protection "1; mode=block"
# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
X-Content-Type-Options "nosniff"
# Disallow the site to be rendered within a frame (clickjacking protection)
X-Frame-Options "DENY"
Content-Security-Policy "default-src 'self';script-src 'self' 'unsafe-inline' https://storage.googleapis.com; connect-src 'self' https://aws.ammobin.ca; style-src 'self' 'unsafe-inline';img-src 'self' https://aws.ammobin.ca; report-uri https://{%SITE%}/api/content-security-report-uri"
Referrer-Policy "origin"
}
header /api/graphql {
-Content-Security-Policy # dont controll this UI, they pull in their own assets. TODO: whitelist them
}
log / /var/log/caddy/ammobin.log "{combined}" {
rotate_size 100
# dont log ip addresses
ipmask 255.255.0.0 ffff:ffff:ffff:ff00::
except /images
}
errors {
* /srv/custom-error.html
}
}
stats.{%SITE%} {
tls {%EMAIL%}
root /www/goaccess
gzip
push
basicauth / {%STATSUSER%} {%STATSPASS%}
log
}
stats.{%SITE%}:7890 {
log
tls {%EMAIL%}
proxy / goaccess:7890 {
websocket
}
}