forked from noxious/client
Added Caddyfile
This commit is contained in:
parent
cf9deebc94
commit
fcf96a25ae
85
Caddyfile
Normal file
85
Caddyfile
Normal file
@ -0,0 +1,85 @@
|
|||||||
|
{
|
||||||
|
# Global options
|
||||||
|
admin off # Disable admin API
|
||||||
|
auto_https prefer_https # Enforce HTTPS
|
||||||
|
|
||||||
|
# Global logging configuration
|
||||||
|
log {
|
||||||
|
output file /var/log/caddy/access.log
|
||||||
|
format json
|
||||||
|
level INFO
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
noxious.gg {
|
||||||
|
# Root directory for your Vue app
|
||||||
|
root * ./dist
|
||||||
|
|
||||||
|
# Enable compression with optimal settings
|
||||||
|
encode zstd gzip
|
||||||
|
|
||||||
|
# Handle SPA routing
|
||||||
|
try_files {path} /index.html
|
||||||
|
|
||||||
|
# Serve static files with optimizations
|
||||||
|
file_server {
|
||||||
|
precompressed true # Serve pre-compressed files if available
|
||||||
|
}
|
||||||
|
|
||||||
|
# Enhanced security headers
|
||||||
|
header {
|
||||||
|
# Existing headers with improvements
|
||||||
|
X-Frame-Options "SAMEORIGIN"
|
||||||
|
X-XSS-Protection "1; mode=block"
|
||||||
|
X-Content-Type-Options "nosniff"
|
||||||
|
Referrer-Policy "strict-origin-when-cross-origin"
|
||||||
|
|
||||||
|
# Additional security headers
|
||||||
|
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
||||||
|
Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()"
|
||||||
|
|
||||||
|
# More restrictive CSP
|
||||||
|
Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https:; font-src 'self' data:; connect-src 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests;"
|
||||||
|
|
||||||
|
# Remove server information
|
||||||
|
-Server
|
||||||
|
}
|
||||||
|
|
||||||
|
# Improved cache configuration for static assets
|
||||||
|
@static {
|
||||||
|
file
|
||||||
|
path *.js *.css *.png *.jpg *.jpeg *.gif *.ico *.svg *.woff *.woff2 *.ttf *.eot
|
||||||
|
}
|
||||||
|
header @static {
|
||||||
|
Cache-Control "public, max-age=31536000, immutable"
|
||||||
|
Vary Accept-Encoding
|
||||||
|
}
|
||||||
|
|
||||||
|
# Cache control for HTML files
|
||||||
|
@html {
|
||||||
|
file
|
||||||
|
path *.html
|
||||||
|
}
|
||||||
|
header @html {
|
||||||
|
Cache-Control "no-cache, must-revalidate"
|
||||||
|
}
|
||||||
|
|
||||||
|
# Rate limiting for API endpoints
|
||||||
|
@api {
|
||||||
|
path /api/*
|
||||||
|
}
|
||||||
|
rate_limit @api {
|
||||||
|
zone api_limit
|
||||||
|
rate 10r/s
|
||||||
|
}
|
||||||
|
|
||||||
|
# Handle errors
|
||||||
|
handle_errors {
|
||||||
|
respond "{http.error.status_code} {http.error.status_text}" {http.error.status_code}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
# Improved redirect configuration
|
||||||
|
www.noxious.gg {
|
||||||
|
redir https://noxious.gg{uri} permanent
|
||||||
|
}
|
||||||
Loading…
x
Reference in New Issue
Block a user