forked from CoreBunch/Instatic
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathCaddyfile
More file actions
29 lines (26 loc) · 987 Bytes
/
Copy pathCaddyfile
File metadata and controls
29 lines (26 loc) · 987 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
# Caddyfile — used by compose.tls.yml.
#
# {$DOMAIN} from .env (required, e.g. cms.example.com)
# {$LETSENCRYPT_EMAIL} from .env (optional; recommended for cert expiry notices)
#
# Caddy auto-provisions a Let's Encrypt certificate on first request and renews
# it on its own. Cert state lives in the caddy_data volume so it survives
# container recreation.
{
# Empty value is fine — Caddy treats it as "no contact email" and uses
# the default Let's Encrypt anonymous account.
email {$LETSENCRYPT_EMAIL}
}
{$DOMAIN} {
encode zstd gzip
reverse_proxy app:3001
# HSTS, content sniffing, framing — sensible defaults.
# `frame-ancestors 'self'` lets the editor preview its own pages in an
# iframe but blocks third-party framing (clickjacking).
header {
Strict-Transport-Security "max-age=31536000; includeSubDomains"
X-Content-Type-Options "nosniff"
Content-Security-Policy "frame-ancestors 'self'"
Referrer-Policy "strict-origin-when-cross-origin"
}
}