diff options
| author | kaniini <nenolod@gmail.com> | 2018-08-26 20:16:46 +0000 |
|---|---|---|
| committer | kaniini <nenolod@gmail.com> | 2018-08-26 20:16:46 +0000 |
| commit | 7faed99450221bab4d34f4853f877c6011d6bf21 (patch) | |
| tree | fc2f64aa8138242644343d2f8a56990abe3c639f | |
| parent | d802903c15f52e548ce070f30c7be3e79e748558 (diff) | |
| parent | bff5ed154f4db9e7248535e664203a783711a700 (diff) | |
| download | pleroma-7faed99450221bab4d34f4853f877c6011d6bf21.tar.gz | |
Merge branch 'improve-example-caddyfile' into 'develop'
Improve example Caddyfile
See merge request pleroma/pleroma!296
| -rw-r--r-- | installation/caddyfile-pleroma.example | 38 |
1 files changed, 33 insertions, 5 deletions
diff --git a/installation/caddyfile-pleroma.example b/installation/caddyfile-pleroma.example index e0f9dc917..ed24fc16c 100644 --- a/installation/caddyfile-pleroma.example +++ b/installation/caddyfile-pleroma.example @@ -1,8 +1,32 @@ social.domain.tld { - tls user@domain.tld + log /var/log/caddy/pleroma_access.log + errors /var/log/caddy/pleroma_error.log - log /var/log/caddy/pleroma.log + gzip + proxy / localhost:4000 { + websocket + transparent + } + + tls user@domain.tld { + # Remove the rest of the lines in here, if you want to support older devices + key_type p256 + ciphers ECDHE-ECDSA-WITH-CHACHA20-POLY1305 ECDHE-RSA-WITH-CHACHA20-POLY1305 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 + } + + header / { + X-XSS-Protection "1; mode=block" + X-Frame-Options "DENY" + X-Content-Type-Options "nosniff" + Referrer-Policy "same-origin" + Strict-Transport-Security "max-age=31536000; includeSubDomains;" + Expect-CT "enforce, max-age=2592000" + } + + # If you do not want remote frontends to be able to access your Pleroma backend server, remove these lines. + # If you want to allow all origins access, remove the origin lines. + # To use this directive, you need the http.cors plugin for Caddy. cors / { origin https://halcyon.domain.tld origin https://pinafore.domain.tld @@ -10,9 +34,13 @@ social.domain.tld { allowed_headers Authorization,Content-Type,Idempotency-Key exposed_headers Link,X-RateLimit-Reset,X-RateLimit-Limit,X-RateLimit-Remaining,X-Request-Id } + # Stop removing lines here. - proxy / localhost:4000 { - websocket - transparent + # If you do not want to use the mediaproxy function, remove these lines. + # To use this directive, you need the http.cache plugin for Caddy. + cache { + match_path /proxy + default_max_age 720m } + # Stop removing lines here. } |