overmind
/
matrix-docker-ansible-deploy
zrcadlo https://github.com/spantaleev/matrix-docker-ansible-deploy
1
0
Rozštěpit 0
Zdrojový kód Úkoly 0 Vydání 0 Wiki Aktivita
Matrix Docker Ansible eploy
Nelze vybrat více než 25 témat Téma musí začínat písmenem nebo číslem, může obsahovat pomlčky („-“) a může být dlouhé až 35 znaků.
1955 Revize
13 Větve
36 MiB
 
 
Strom: a1ecaf54ef
Větve Značky
${ item.name }
Vytvořit větev ${ searchTerm }
z „a1ecaf54ef“
${ noResults }
matrix-docker-ansible-deploy/examples/caddy2/Caddyfile

206 řádky
6.9 KiB
Surový Blame Historie 

  1. matrix.DOMAIN.tld {

  2. 

  3.   # creates letsencrypt certificate

  4.   # tls your@email.com

  5. 

  6.   @identity {

  7.         path /_matrix/identity/*

  8.   }

  9. 

  10.   @noidentity {

  11.         not path /_matrix/identity/*

  12.   }

  13. 

  14.   @search {

  15.         path /_matrix/client/r0/user_directory/search/*

  16.   }

  17. 

  18.   @nosearch {

  19.         not path /_matrix/client/r0/user_directory/search/*

  20.   }

  21. 

  22.   @static {

  23.         path /matrix/static-files/*

  24.   }

  25. 

  26.   @nostatic {

  27.         not path /matrix/static-files/*

  28.   }

  29. 

  30.   header {

  31.         # Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS

  32.         Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

  33.         # Enable cross-site filter (XSS) and tell browser to block detected attacks

  34.         X-XSS-Protection "1; mode=block"

  35.         # Prevent some browsers from MIME-sniffing a response away from the declared Content-Type

  36.         X-Content-Type-Options "nosniff"

  37.         # Disallow the site to be rendered within a frame (clickjacking protection)

  38.         X-Frame-Options "DENY"

  39.         # X-Robots-Tag

  40.         X-Robots-Tag "noindex, noarchive, nofollow"

  41.                                                                                                                                                                                                                       167,9         79%

  42.   }

  43. 

  44.   # Cache

  45.   header @static {

  46.         # Cache

  47.     Cache-Control "public, max-age=31536000"

  48.     defer

  49.   }

  50. 

  51.   # identity

  52.   handle @identity {

  53.         reverse_proxy localhost:8090  {

  54.                header_up X-Forwarded-Port {http.request.port}

  55.                header_up X-Forwarded-Proto {http.request.scheme}

  56.                header_up X-Forwarded-TlsProto {tls_protocol}

  57.                header_up X-Forwarded-TlsCipher {tls_cipher}

  58.                header_up X-Forwarded-HttpsProto {proto}

  59.         }

  60.   }

  61. 

  62.   # search

  63.   handle @search {

  64.         reverse_proxy localhost:8090   {

  65.                header_up X-Forwarded-Port {http.request.port}

  66.                header_up X-Forwarded-Proto {http.request.scheme}

  67.                header_up X-Forwarded-TlsProto {tls_protocol}

  68.                header_up X-Forwarded-TlsCipher {tls_cipher}

  69.                header_up X-Forwarded-HttpsProto {proto}

  70.         }

  71.   }

  72. 

  73.   handle {

  74.         encode zstd gzip

  75. 

  76.         reverse_proxy localhost:8008  {

  77.                header_up X-Forwarded-Port {http.request.port}

  78.                header_up X-Forwarded-Proto {http.request.scheme}

  79.                header_up X-Forwarded-TlsProto {tls_protocol}

  80.                header_up X-Forwarded-TlsCipher {tls_cipher}

  81.                header_up X-Forwarded-HttpsProto {proto}

  82.         }

  83.   }

  84. }

  85. 

  86. matrix.DOMAIN.tld:8448 {

  87.     handle {

  88.         encode zstd gzip

  89. 

  90.         reverse_proxy 127.0.0.1:8048 {

  91.                header_up X-Forwarded-Port {http.request.port}

  92.                header_up X-Forwarded-Proto {http.request.scheme}

  93.                header_up X-Forwarded-TlsProto {tls_protocol}

  94.                header_up X-Forwarded-TlsCipher {tls_cipher}

  95.                header_up X-Forwarded-HttpsProto {proto}

  96.         }

  97.     }

  98. }

  99. 

  100. dimension.DOMAIN.tld {

  101.       

  102.       # creates letsencrypt certificate

  103.       # tls your@email.com

  104.       

  105.       header {

  106.          	# Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS

  107.         	Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

  108.         	# Enable cross-site filter (XSS) and tell browser to block detected attacks

  109.         	X-XSS-Protection "1; mode=block"

  110.         	# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type

  111.         	X-Content-Type-Options "nosniff"

  112.         	# Disallow the site to be rendered within a frame (clickjacking protection)

  113.         	X-Frame-Options "DENY"

  114.         	# X-Robots-Tag

  115.         	X-Robots-Tag "noindex, noarchive, nofollow"

  116.   	}

  117. 

  118.     	handle {

  119.         	encode zstd gzip

  120. 

  121.         	reverse_proxy localhost:8184  {

  122.                		header_up X-Forwarded-Port {http.request.port}

  123.                		header_up X-Forwarded-Proto {http.request.scheme}

  124.                		header_up X-Forwarded-TlsProto {tls_protocol}

  125.                		header_up X-Forwarded-TlsCipher {tls_cipher}

  126.                		header_up X-Forwarded-HttpsProto {proto}

  127.         	}

  128.   	}

  129. }

  130. 

  131. element.DOMAIN.tld {

  132. 

  133.       # creates letsencrypt certificate

  134.       # tls your@email.com

  135.  	

  136.       header {

  137.          	# Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS

  138.         	Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

  139.         	# Enable cross-site filter (XSS) and tell browser to block detected attacks

  140.         	X-XSS-Protection "1; mode=block"

  141.         	# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type

  142.         	X-Content-Type-Options "nosniff"

  143.         	# Disallow the site to be rendered within a frame (clickjacking protection)

  144.         	X-Frame-Options "DENY"

  145.         	# X-Robots-Tag

  146.         	X-Robots-Tag "noindex, noarchive, nofollow"

  147.   	}

  148. 

  149.         handle {

  150.               encode zstd gzip

  151. 

  152.               reverse_proxy localhost:8765 {

  153.                      header_up X-Forwarded-Port {http.request.port}

  154.                      header_up X-Forwarded-Proto {http.request.scheme}

  155.                      header_up X-Forwarded-TlsProto {tls_protocol}

  156.                      header_up X-Forwarded-TlsCipher {tls_cipher}

  157.                      header_up X-Forwarded-HttpsProto {proto}

  158.         }

  159. }

  160. 

  161. #jitsi.DOMAIN.tld {

  162. #  log {

  163. #        output discard

  164. #  }

  165. #  

  166. #  creates letsencrypt certificate

  167. #  tls your@email.com

  168. #

  169. #  header {

  170. #        # Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS

  171. #        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

  172. #

  173. #        # Enable cross-site filter (XSS) and tell browser to block detected attacks

  174. #        X-XSS-Protection "1; mode=block"

  175. #

  176. #        # Prevent some browsers from MIME-sniffing a response away from the declared Content-Type

  177. #        X-Content-Type-Options "nosniff"

  178. #

  179. #        # Disallow the site to be rendered within a frame (clickjacking protection)

  180. #        X-Frame-Options "SAMEORIGIN"

  181. #

  182. #        # Disable some features

  183. #        Feature-Policy "accelerometer 'none';ambient-light-sensor 'none'; autoplay 'none';camera 'none';encrypted-media 'none';focus-without-user-activation 'none'; geolocation 'none';gyroscope #'none';magnetometer 'none';microphone 'none';midi 'none';payment 'none';picture-in-picture 'none'; speaker 'none';sync-xhr 'none';usb 'none';vr 'none'"

  184. #

  185. #        # Referer

  186. #        Referrer-Policy "no-referrer"

  187. #

  188. #        # X-Robots-Tag

  189. #        X-Robots-Tag "none"

  190. #

  191. #        # Remove Server header

  192. #        -Server

  193. #  }

  194. #

  195. #  handle {

  196. #        encode zstd gzip

  197. #

  198. #        reverse_proxy 127.0.0.1:12080 {

  199. #               header_up X-Forwarded-Port {http.request.port}

  200. #               header_up X-Forwarded-Proto {http.request.scheme}

  201. #               header_up X-Forwarded-TlsProto {tls_protocol}

  202. #               header_up X-Forwarded-TlsCipher {tls_cipher}

  203. #               header_up X-Forwarded-HttpsProto {proto}

  204. #        }

  205. #  }

  206. #}