Marc Mintel
103d71851c
Some checks failed
🧪 CI (QA) / 🧪 Quality Assurance (push) Failing after 1m3s
- Restructure to pnpm monorepo (site moved to apps/web) - Integrate @mintel/tsconfig, @mintel/eslint-config, @mintel/husky-config - Implement Docker service architecture (Varnish, Directus, Gatekeeper) - Setup environment-aware Gitea Actions deployment
47 lines
1.2 KiB
Caddyfile
47 lines
1.2 KiB
Caddyfile
# Caddyfile for reverse proxy with automatic SSL
|
|
{
|
|
# Email for Let's Encrypt notifications
|
|
email {$EMAIL:-admin@example.com}
|
|
}
|
|
|
|
# Main website
|
|
{$DOMAIN:-localhost} {
|
|
# Reverse proxy to website container
|
|
reverse_proxy website:3000
|
|
|
|
# Security headers
|
|
header {
|
|
# Enable HSTS
|
|
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
|
# Prevent clickjacking
|
|
X-Frame-Options "SAMEORIGIN"
|
|
# Prevent MIME sniffing
|
|
X-Content-Type-Options "nosniff"
|
|
# XSS protection
|
|
X-XSS-Protection "1; mode=block"
|
|
# Remove server info
|
|
Server "mintel"
|
|
}
|
|
|
|
# Logging
|
|
log {
|
|
output file /var/log/caddy/access.log
|
|
format json
|
|
}
|
|
|
|
# Compression
|
|
encode zstd gzip
|
|
}
|
|
|
|
# Analytics subdomain (if using your existing Plausible)
|
|
analytics.{$DOMAIN:-localhost} {
|
|
# Point to your existing Plausible instance
|
|
# Replace with your Plausible server IP/domain
|
|
reverse_proxy http://YOUR_PLAUSIBLE_SERVER:8000
|
|
|
|
header {
|
|
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
|
X-Frame-Options "SAMEORIGIN"
|
|
X-Content-Type-Options "nosniff"
|
|
}
|
|
} |