132 lines
3.1 KiB
Caddyfile
132 lines
3.1 KiB
Caddyfile
{
|
|
acme_ca https://acme.zerossl.com/v2/DV90
|
|
email johan@jongsma.me
|
|
log {
|
|
output file /var/log/caddy/access.log {
|
|
roll_size 100mb
|
|
roll_keep 5
|
|
}
|
|
format json
|
|
}
|
|
}
|
|
|
|
inou.com {
|
|
reverse_proxy 192.168.1.253:1080 {
|
|
@tarpit status 444
|
|
handle_response @tarpit {
|
|
abort
|
|
}
|
|
}
|
|
|
|
header {
|
|
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
|
X-Content-Type-Options "nosniff"
|
|
X-Frame-Options "SAMEORIGIN"
|
|
Referrer-Policy "strict-origin-when-cross-origin"
|
|
Permissions-Policy "geolocation=(), microphone=(), camera=()"
|
|
Cross-Origin-Opener-Policy "same-origin-allow-popups"
|
|
Cross-Origin-Resource-Policy "same-origin"
|
|
X-Permitted-Cross-Domain-Policies "none"
|
|
-Server
|
|
}
|
|
}
|
|
|
|
dev.inou.com {
|
|
reverse_proxy 192.168.1.253:1080 {
|
|
@tarpit status 444
|
|
handle_response @tarpit {
|
|
abort
|
|
}
|
|
}
|
|
|
|
header {
|
|
Strict-Transport-Security "max-age=31536000; includeSubDomains"
|
|
X-Content-Type-Options "nosniff"
|
|
X-Frame-Options "SAMEORIGIN"
|
|
Referrer-Policy "strict-origin-when-cross-origin"
|
|
-Server
|
|
}
|
|
}
|
|
|
|
flourishevents.nl, www.flourishevents.nl {
|
|
root * /var/www/flourishevents
|
|
file_server
|
|
}
|
|
|
|
james.jongsma.me {
|
|
@blocked not remote_ip 192.168.1.0/24 47.197.93.62 100.64.0.0/10
|
|
respond @blocked 403
|
|
|
|
reverse_proxy 192.168.1.16:18789 {
|
|
header_up X-Forwarded-For {remote_host}
|
|
header_up X-Real-IP {remote_host}
|
|
header_up X-Forwarded-Proto {scheme}
|
|
}
|
|
|
|
header {
|
|
X-Content-Type-Options "nosniff"
|
|
X-Frame-Options "DENY"
|
|
Referrer-Policy "strict-origin-when-cross-origin"
|
|
-Server
|
|
}
|
|
}
|
|
|
|
# Redirect www to non-www (fixes GSC indexing issue)
|
|
www.inou.com {
|
|
redir https://inou.com{uri} permanent
|
|
}
|
|
|
|
docsys.jongsma.me {
|
|
reverse_proxy 192.168.1.16:9201
|
|
|
|
header {
|
|
Strict-Transport-Security "max-age=31536000; includeSubDomains"
|
|
X-Content-Type-Options "nosniff"
|
|
X-Frame-Options "SAMEORIGIN"
|
|
Referrer-Policy "strict-origin-when-cross-origin"
|
|
-Server
|
|
}
|
|
}
|
|
|
|
|
|
immich.jongsma.me, immich.jongsma.me:2283 {
|
|
log {
|
|
output file /var/log/caddy/immich.log {
|
|
roll_size 50mb
|
|
roll_keep 5
|
|
}
|
|
format json
|
|
}
|
|
|
|
reverse_proxy 192.168.1.253:2283
|
|
|
|
header {
|
|
X-Content-Type-Options "nosniff"
|
|
X-Frame-Options "SAMEORIGIN"
|
|
Referrer-Policy "strict-origin-when-cross-origin"
|
|
-Server
|
|
}
|
|
}
|
|
|
|
hass.jongsma.me {
|
|
reverse_proxy 192.168.1.252:8123
|
|
|
|
header {
|
|
X-Content-Type-Options "nosniff"
|
|
Referrer-Policy "strict-origin-when-cross-origin"
|
|
-Server
|
|
}
|
|
}
|
|
|
|
vault1984.com, www.vault1984.com {
|
|
reverse_proxy 192.168.1.16:8099
|
|
|
|
header {
|
|
Strict-Transport-Security "max-age=300; includeSubDomains"
|
|
X-Content-Type-Options "nosniff"
|
|
X-Frame-Options "SAMEORIGIN"
|
|
Referrer-Policy "strict-origin-when-cross-origin "
|
|
-Server
|
|
}
|
|
}
|