generated from benavlabs/landstro
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathCaddyfile
More file actions
86 lines (74 loc) · 2.39 KB
/
Caddyfile
File metadata and controls
86 lines (74 loc) · 2.39 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
{
# Global Caddy options
email {$ADMIN_EMAIL}
# Auto HTTPS is enabled by default
}
# Production site configuration
{$APP_DOMAIN} {
# TLS configuration for Cloudflare compatibility
tls {
protocols tls1.2 tls1.3
ciphers TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
}
# Enable compression for better performance
encode zstd gzip
# Enable HSTS
header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# Security headers
header {
X-Content-Type-Options "nosniff"
X-XSS-Protection "1; mode=block"
X-Frame-Options "SAMEORIGIN"
Referrer-Policy "strict-origin-when-cross-origin"
Permissions-Policy "accelerometer=(), camera=(), geolocation=(), microphone=()"
Content-Security-Policy {
args default-src 'self'
script-src 'self' 'unsafe-inline' {$ANALYTICS_DOMAINS}
style-src 'self' 'unsafe-inline'
img-src 'self' data: {$ANALYTICS_DOMAINS}
font-src 'self'
connect-src 'self' {$ANALYTICS_DOMAINS}
object-src 'none'
}
}
# Forward requests to the Astro application
reverse_proxy {$ASTRO_HOST:astro-app}:{$ASTRO_PORT:4321} {
# Health checks
health_uri /
health_interval 30s
health_timeout 5s
health_status 200
}
# Handle errors (custom 404 page)
handle_errors {
rewrite * /404
reverse_proxy {$ASTRO_HOST:astro-app}:{$ASTRO_PORT:4321}
}
# Cache static assets with proper content types
@images {
path *.jpg *.jpeg *.png *.gif *.ico *.svg *.webp *.avif
}
header @images Cache-Control "public, max-age=31536000, immutable"
@fonts {
path *.woff *.woff2 *.ttf *.otf
}
header @fonts Cache-Control "public, max-age=31536000, immutable"
@scripts {
path *.js
}
header @scripts Cache-Control "public, max-age=604800, must-revalidate"
@styles {
path *.css
}
header @styles Cache-Control "public, max-age=604800, must-revalidate"
# Cache other static files for a shorter period
@static {
path *.html *.json *.xml
}
header @static Cache-Control "public, max-age=3600, must-revalidate"
# Log requests
log {
output file {$LOG_FILE:/var/log/caddy/access.log}
format {$LOG_FORMAT:json}
}
}