Permalink
Switch branches/tags
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
99 lines (88 sloc) 2.73 KB
ammobin.ca {
tls {%EMAIL%}
gzip
push
proxy / client:3000 https://ammobin.now.sh https://ammobin-client.herokuapp.com https://ammobin.netlify.com {
policy first
fail_timeout 1s
max_fails 5
try_duration 1s
health_check /ping
}
header / {
# Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
Strict-Transport-Security "max-age=31536000;"
# Enable cross-site filter (XSS) and tell browser to block detected attacks
X-XSS-Protection "1; mode=block"
# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
X-Content-Type-Options "nosniff"
# Disallow the site to be rendered within a frame (clickjacking protection)
X-Frame-Options "DENY"
Content-Security-Policy-Report-Only "default-src 'self';script-src 'self' 'unsafe-inline'; connect-src 'self' api.ammobin.ca; style-src 'self' 'unsafe-inline';img-src 'self' images.ammobin.ca; report-uri https://ammobin.report-uri.com/r/d/csp/enforce"
}
log / /var/log/caddy/ammobin.log "{combined}" {
rotate_size 100
}
errors {
* /srv/custom-error.html
}
}
api.ammobin.ca {
tls {%EMAIL%}
gzip
push
proxy / api:8080 {
transparent
}
header / {
# Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
Strict-Transport-Security "max-age=31536000;"
# Enable cross-site filter (XSS) and tell browser to block detected attacks
X-XSS-Protection "1; mode=block"
# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
X-Content-Type-Options "nosniff"
# Disallow the site to be rendered within a frame (clickjacking protection)
X-Frame-Options "DENY"
}
log / /var/log/caddy/ammobin.log "{combined}" {
rotate_size 100
}
}
images.ammobin.ca {
tls {%EMAIL%}
proxy / images:8080 {
transparent
}
header / {
# Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
Strict-Transport-Security "max-age=31536000;"
# Enable cross-site filter (XSS) and tell browser to block detected attacks
X-XSS-Protection "1; mode=block"
# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
X-Content-Type-Options "nosniff"
# Disallow the site to be rendered within a frame (clickjacking protection)
X-Frame-Options "DENY"
}
}
stats.ammobin.ca {
tls {%EMAIL%}
root /www/goaccess
gzip
push
basicauth / {%STATSUSER%} {%STATSPASS%}
log
}
stats.ammobin.ca:7890 {
log
tls {%EMAIL%}
proxy / goaccess:7890 {
websocket
}
}
graphana.ammobin.ca {
tls {%EMAIL%}
proxy / graphana:3000 {
transparent
}
header / Strict-Transport-Security "max-age=31536000;"
}