Last active
January 12, 2022 13:48
-
-
Save X448NAX/f60419af0b2b3128a7f1f80abcfedcfc to your computer and use it in GitHub Desktop.
Caddyfile for Writefreely reverse proxy + server
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| servers { | |
| protocol { | |
| experimental_http3 | |
| strict_sni_host | |
| } | |
| } | |
| } | |
| blog.your.domain | |
| reverse_proxy 127.0.0.1:8069 | |
| file_server | |
| root * /var/www/writefreely/static | |
| tls { | |
| key_type p384 | |
| ciphers TLS_CHACHA20_POLY1305_SHA256 TLS_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | |
| curves x25519 secp521r1 secp256r1 | |
| } | |
| header { | |
| # disable FLoC tracking | |
| Permissions-Policy interest-cohort=() | |
| # enable HSTS | |
| Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" | |
| # disable clients from sniffing the media type | |
| X-Content-Type-Options nosniff | |
| # clickjacking protection | |
| X-Frame-Options DENY | |
| # keep referrer data off except strict origin | |
| Referrer-Policy strict-origin | |
| # replace http with https in locations | |
| Location http:// https:// | |
| # xss protection basic | |
| X-Xss-Protection "1; mode=block" | |
| # server name in http header | |
| Server "Tweakin tweakin off that 2cb huh" | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment