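{
	# Global options.

	# Disable the admin API entirely, so no local endpoint can change the
	# running configuration. Config changes then need a restart of the
	# process rather than a reload through the API.
	admin off

	# Default logger. This global option configures Caddy's runtime log
	# (startup, TLS, errors), written as JSON at INFO and above. It does not
	# enable request logging by itself: HTTP access logs are only produced
	# for sites that carry their own `log` directive.
	# NOTE(review): the file is named access.log although it receives runtime
	# messages; make sure the directory is writable by the Caddy user only.
	log {
		output file /var/log/caddy/access.log
		format json
		level INFO
	}
}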
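noxious.gg {
	# Document root for the built Vue app. The path is relative, so it is
	# resolved against the working directory Caddy is started from; an
	# absolute path avoids serving an unintended directory.
	root * ./dist

	# Enable HTTP access logging for this site. The global `log` option only
	# configures the default (runtime) logger; without a site-level `log`
	# directive no requests are recorded. With no output set here, entries go
	# to the default logger.
	log

	# Compress responses on the fly (zstd preferred, gzip as fallback).
	encode zstd gzip

	# SPA routing: serve the requested file if it exists, else index.html.
	try_files {path} /index.html

	# Serve static files, preferring pre-compressed sidecar files when present.
	# `precompressed` takes a list of encoding names, not a boolean.
	file_server {
		precompressed zstd gzip
	}

	# Security response headers.
	header {
		# Legacy framing control, kept in step with `frame-ancestors 'none'`
		# in the CSP below so old and new browsers get the same policy.
		X-Frame-Options "DENY"
		# The legacy XSS auditor is removed from current browsers and was itself
		# a source of side-channel issues; "0" switches it off where it exists.
		# XSS defence belongs to the Content-Security-Policy.
		X-XSS-Protection "0"
		X-Content-Type-Options "nosniff"
		Referrer-Policy "strict-origin-when-cross-origin"

		# HSTS for one year. `includeSubDomains` and `preload` commit every
		# subdomain to HTTPS, and removal from browser preload lists is slow;
		# confirm all subdomains serve valid TLS before submitting.
		Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
		Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()"

		# Content-Security-Policy.
		# NOTE(review): script-src allows 'unsafe-inline' and 'unsafe-eval', so
		# this policy does not stop injected inline script. img-src and
		# connect-src also accept any https: origin. Tighten to nonces/hashes
		# and an explicit origin list once the build no longer needs them.
		Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https:; font-src 'self' data:; connect-src 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests;"

		# Do not advertise the server software.
		-Server
	}

	# Long-lived caching for static assets that exist on disk.
	# NOTE(review): `immutable` for one year is only safe for files whose
	# names change with their content (hashed build output); files with
	# stable names such as a favicon would stay cached after a deploy.
	@static {
		file
		path *.js *.css *.png *.jpg *.jpeg *.gif *.ico *.svg *.woff *.woff2 *.ttf *.eot
	}
	header @static {
		Cache-Control "public, max-age=31536000, immutable"
		Vary Accept-Encoding
	}

	# Always revalidate HTML so a new deploy is picked up.
	# NOTE(review): the matcher tests the request path as sent. A request for
	# `/` or a client-side route is answered with index.html but does not end
	# in .html, so it presumably misses this header; verify with `curl -I`.
	@html {
		file
		path *.html
	}
	header @html {
		Cache-Control "no-cache, must-revalidate"
	}

	# Rate limiting for API endpoints.
	# NOTE(review): `rate_limit` is not part of stock Caddy. It needs a build
	# that includes a rate-limit plugin, the sub-directive syntax must match
	# that plugin, and a third-party directive needs an `order` global option
	# or an enclosing `route` block. No handler for /api/* is defined in this
	# site block, so these requests currently fall through to the SPA fallback.
	@api {
		path /api/*
	}
	rate_limit @api {
		zone api_limit
		rate 10r/s
	}

	# Error responses carry only the status code and its standard text, so
	# no internal detail is exposed to the client.
	handle_errors {
		respond "{http.error.status_code} {http.error.status_text}" {http.error.status_code}
	}
}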
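# Redirect the www host to the apex domain, keeping the original path and
# query string. `permanent` sends a 301, which browsers cache.
www.noxious.gg {
	redir https://noxious.gg{uri} permanent
}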