Added Caddyfile

2025-02-09 03:01:05 +01:00 · 2025-02-09 03:01:05 +01:00 · fcf96a25ae
commit fcf96a25ae
parent cf9deebc94
1 changed files with 85 additions and 0 deletions
--- a/85
+++ b/85
@ -0,0 +1,85 @@
+{
+    # Global options
+    admin off # Disable admin API
+    auto_https prefer_https # Enforce HTTPS
+
+    # Global logging configuration
+    log {
+        output file /var/log/caddy/access.log
+        format json
+        level INFO
+    }
+}
+
+noxious.gg {
+    # Root directory for your Vue app
+    root * ./dist
+
+    # Enable compression with optimal settings
+    encode zstd gzip
+
+    # Handle SPA routing
+    try_files {path} /index.html
+
+    # Serve static files with optimizations
+    file_server {
+        precompressed true  # Serve pre-compressed files if available
+    }
+
+    # Enhanced security headers
+    header {
+        # Existing headers with improvements
+        X-Frame-Options "SAMEORIGIN"
+        X-XSS-Protection "1; mode=block"
+        X-Content-Type-Options "nosniff"
+        Referrer-Policy "strict-origin-when-cross-origin"
+
+        # Additional security headers
+        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+        Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()"
+
+        # More restrictive CSP
+        Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https:; font-src 'self' data:; connect-src 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests;"
+
+        # Remove server information
+        -Server
+    }
+
+    # Improved cache configuration for static assets
+    @static {
+        file
+        path *.js *.css *.png *.jpg *.jpeg *.gif *.ico *.svg *.woff *.woff2 *.ttf *.eot
+    }
+    header @static {
+        Cache-Control "public, max-age=31536000, immutable"
+        Vary Accept-Encoding
+    }
+
+    # Cache control for HTML files
+    @html {
+        file
+        path *.html
+    }
+    header @html {
+        Cache-Control "no-cache, must-revalidate"
+    }
+
+    # Rate limiting for API endpoints
+    @api {
+        path /api/*
+    }
+    rate_limit @api {
+        zone api_limit
+        rate 10r/s
+    }
+
+    # Handle errors
+    handle_errors {
+        respond "{http.error.status_code} {http.error.status_text}" {http.error.status_code}
+    }
+}
+
+# Improved redirect configuration
+www.noxious.gg {
+    redir https://noxious.gg{uri} permanent
+}