mirror of https://github.com/xwiki-labs/cryptpad
Caddyfile: A simpler config, container oriented
This commit is contained in:
Lumière Élevé
GitHub
parent
d58b5125b8
commit
f2014c4d6c
|
|
@ -0,0 +1,67 @@
|
|||
# SPDX-FileCopyrightText: 2024 XWiki CryptPad Team <contact@cryptpad.org> and contributors
|
||||
#
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
|
||||
# This file is included strictly as an example of how Caddy can be configured
|
||||
# to work with CryptPad. This example WILL NOT WORK AS IS. For best results,
|
||||
# compare the sections of this configuration file against a working CryptPad
|
||||
# installation (http server by the Nodejs process). If you are using CryptPad
|
||||
# in production and require professional support please contact sales@cryptpad.fr
|
||||
|
||||
(trustedProxies) {
|
||||
# Force Caddy to accept `X-Forwarded-For` and other origin headers.
|
||||
# Modify the line below if you want to restrict the scope of direct downstream sending these headers.
|
||||
trusted_proxies 0.0.0.0/0 ::/0
|
||||
}
|
||||
|
||||
# Caddy does not have variables for server names, so domains need to be hardcoded.
|
||||
# You can bulk replace "your-main-domain.com" and "your-sandbox-domain.com" safely.
|
||||
your-main-domain.com:443,
|
||||
your-sandbox-domain.com:443 {
|
||||
# Define your certificates below.
|
||||
# No need to adjust TLS configurations, as the defaults in Caddy are already secure.
|
||||
tls /path/to/fullchain/publicKey.pem /path/to/certificate/privateKey.pem
|
||||
|
||||
# Enable HSTS.
|
||||
# Do not enable this line when configuring over mixnet, e.g. Tor.
|
||||
header Strict-Transport-Security "max-age=63072000; includeSubDomains"
|
||||
|
||||
# Opt out of Google's FLoC Network
|
||||
header Permissions-Policy "interest-cohort=()"
|
||||
|
||||
# Specify the relative path to root of your custom error page.
|
||||
# This error page won't only be served for 404 errors.
|
||||
handle_errors {
|
||||
rewrite * /error.htm
|
||||
header Cache-Control "no-cache, no-store"
|
||||
file_server
|
||||
templates
|
||||
}
|
||||
|
||||
# The Node.js process can handle all traffic, whether accessed over websocket or as static assets.
|
||||
reverse_proxy /cryptpad_websocket/* {
|
||||
to 127.0.0.1:3003
|
||||
header_up Host "{host}"
|
||||
header_up X-Real-IP "{remote_host}"
|
||||
|
||||
# Caddy supports WebSockets directly. No additional headers are needed.
|
||||
|
||||
import trustedProxies
|
||||
}
|
||||
reverse_proxy * {
|
||||
to 127.0.0.1:3000
|
||||
header_up Host "{host}"
|
||||
header_up X-Real-IP "{remote_host}"
|
||||
|
||||
# These settings prevent both Caddy and the API server from setting duplicate headers.
|
||||
header_down Cross-Origin-Resource-Policy cross-origin
|
||||
header_down Cross-Origin-Embedder-Policy require-corp
|
||||
|
||||
import trustedProxies
|
||||
}
|
||||
|
||||
# Enable file serving
|
||||
file_server {
|
||||
index index.html index.htm default.html default.htm
|
||||
}
|
||||
}
|
||||
Loading…
Reference in New Issue