61 lines
1.7 KiB
Caddyfile
61 lines
1.7 KiB
Caddyfile
# Caddyfile für Stargirlnails Kiel
|
|
# Automatisches SSL mit Let's Encrypt
|
|
|
|
stargirlnails.de {
|
|
# Reverse Proxy zur Anwendung
|
|
reverse_proxy stargirlnails:3000 {
|
|
# Health Check
|
|
health_uri /health
|
|
health_interval 30s
|
|
health_timeout 5s
|
|
|
|
# Timeouts für lange laufende Verbindungen (Live-Queries)
|
|
transport http {
|
|
read_timeout 0
|
|
write_timeout 0
|
|
dial_timeout 30s
|
|
}
|
|
|
|
# Buffer-Flush für Server-Sent Events (SSE) aktivieren
|
|
flush_interval -1
|
|
}
|
|
|
|
# Sicherheits-Header
|
|
header {
|
|
# Sicherheits-Header
|
|
X-Frame-Options "SAMEORIGIN"
|
|
X-Content-Type-Options "nosniff"
|
|
X-XSS-Protection "1; mode=block"
|
|
Referrer-Policy "strict-origin-when-cross-origin"
|
|
Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https: blob:; font-src 'self' data:; connect-src 'self' data: blob:; frame-src 'self' https://www.openstreetmap.org;"
|
|
|
|
# HSTS (wird automatisch von Caddy gesetzt)
|
|
Strict-Transport-Security "max-age=31536000; includeSubDomains"
|
|
}
|
|
|
|
# Gzip-Kompression
|
|
encode gzip
|
|
|
|
# Logging
|
|
log {
|
|
output file /var/log/caddy/access.log
|
|
format json
|
|
level INFO
|
|
}
|
|
|
|
# Favicon-Konfiguration (innerhalb der Hauptdomain)
|
|
handle /favicon.ico {
|
|
redir /favicon.png 301
|
|
}
|
|
|
|
handle /favicon.png {
|
|
root * /app/public
|
|
try_files {path}
|
|
}
|
|
}
|
|
|
|
# HTTP zu HTTPS Redirect (automatisch von Caddy)
|
|
http://stargirlnails.de {
|
|
redir https://stargirlnails.de{uri} permanent
|
|
}
|