-
Notifications
You must be signed in to change notification settings - Fork 77
/
Caddyfile
37 lines (32 loc) · 1.12 KB
/
Caddyfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
{$DOMAIN}:443 {
# Caddy on port 443 in container to vaultwarden private instance
# Use it if Caddy exposed to the net
# Doc about automatic HTTPS https://caddyserver.com/docs/automatic-https
log {
output stderr
level INFO
}
# Uncomment only one of the 2 lines:
# Provide your own cert
# tls {$SSLCERTIFICATE} {$SSLKEY}
# Request a cert from Let's Encrypt using ACME HTTP-01
tls {$EMAIL}
encode zstd gzip
header / {
# Enable HTTP Strict Transport Security (HSTS)
Strict-Transport-Security "max-age=31536000;"
# Enable cross-site filter (XSS) and tell browser to block detected attacks
X-XSS-Protection "1; mode=block"
# Disallow the site to be rendered within a frame (clickjacking protection)
X-Frame-Options "DENY"
# Prevent search engines from indexing (optional)
X-Robots-Tag "none"
# Server name remove
-Server
}
reverse_proxy bitwarden:80 {
# Send the true remote IP to Rocket, so that vaultwarden can put this in the
# log, so that fail2ban can ban the correct IP.
header_up X-Real-IP {remote_host}
}
}