overmind
/
matrix-docker-ansible-deploy
зеркало из https://github.com/spantaleev/matrix-docker-ansible-deploy
1
0
Форкнуть 0
Код Задачи 0 Релизы 0 Вики Активность
Matrix Docker Ansible eploy
Вы не можете выбрать более 25 тем Темы должны начинаться с буквы или цифры, могут содержать дефисы(-) и должны содержать не более 35 символов.
2671 коммит
13 Ветки
487 MiB
 
 
Дерево: d691cc0920
Ветки Теги
${ item.name }
Создать ветку ${ searchTerm }
из 'd691cc0920'
${ noResults }
matrix-docker-ansible-deploy/examples/caddy2/Caddyfile

205 строки
6.9 KiB
Исходник Вина История 

  1. matrix.DOMAIN.tld {

  2. 

  3.   # creates letsencrypt certificate

  4.   # tls your@email.com

  5. 

  6.   @identity {

  7.         path /_matrix/identity/*

  8.   }

  9. 

  10.   @noidentity {

  11.         not path /_matrix/identity/*

  12.   }

  13. 

  14.   @search {

  15.         path /_matrix/client/r0/user_directory/search/*

  16.   }

  17. 

  18.   @nosearch {

  19.         not path /_matrix/client/r0/user_directory/search/*

  20.   }

  21. 

  22.   @static {

  23.         path /matrix/static-files/*

  24.   }

  25. 

  26.   @nostatic {

  27.         not path /matrix/static-files/*

  28.   }

  29. 

  30.   header {

  31.         # Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS

  32.         Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

  33.         # Enable cross-site filter (XSS) and tell browser to block detected attacks

  34.         X-XSS-Protection "1; mode=block"

  35.         # Prevent some browsers from MIME-sniffing a response away from the declared Content-Type

  36.         X-Content-Type-Options "nosniff"

  37.         # Disallow the site to be rendered within a frame (clickjacking protection)

  38.         X-Frame-Options "DENY"

  39.         # X-Robots-Tag

  40.         X-Robots-Tag "noindex, noarchive, nofollow"

  41.                                                                                                                                                                                                                       167,9         79%

  42.   }

  43. 

  44.   # Cache

  45.   header @static {

  46.         # Cache

  47.     Cache-Control "public, max-age=31536000"

  48.     defer

  49.   }

  50. 

  51.   # identity

  52.   handle @identity {

  53.         reverse_proxy localhost:8090  {

  54.                header_up X-Forwarded-Port {http.request.port}

  55.                header_up X-Forwarded-Proto {http.request.scheme}

  56.                header_up X-Forwarded-TlsProto {tls_protocol}

  57.                header_up X-Forwarded-TlsCipher {tls_cipher}

  58.                header_up X-Forwarded-HttpsProto {proto}

  59.         }

  60.   }

  61. 

  62.   # search

  63.   handle @search {

  64.         reverse_proxy localhost:8090   {

  65.                header_up X-Forwarded-Port {http.request.port}

  66.                header_up X-Forwarded-Proto {http.request.scheme}

  67.                header_up X-Forwarded-TlsProto {tls_protocol}

  68.                header_up X-Forwarded-TlsCipher {tls_cipher}

  69.                header_up X-Forwarded-HttpsProto {proto}

  70.         }

  71.   }

  72. 

  73.   handle {

  74.         encode zstd gzip

  75. 

  76.         reverse_proxy localhost:8008  {

  77.                header_up X-Forwarded-Port {http.request.port}

  78.                header_up X-Forwarded-Proto {http.request.scheme}

  79.                header_up X-Forwarded-TlsProto {tls_protocol}

  80.                header_up X-Forwarded-TlsCipher {tls_cipher}

  81.                header_up X-Forwarded-HttpsProto {proto}

  82.         }

  83.   }

  84. }

  85. 

  86. matrix.DOMAIN.tld:8448 {

  87.     handle {

  88.         encode zstd gzip

  89. 

  90.         reverse_proxy 127.0.0.1:8048 {

  91.                header_up X-Forwarded-Port {http.request.port}

  92.                header_up X-Forwarded-Proto {http.request.scheme}

  93.                header_up X-Forwarded-TlsProto {tls_protocol}

  94.                header_up X-Forwarded-TlsCipher {tls_cipher}

  95.                header_up X-Forwarded-HttpsProto {proto}

  96.         }

  97.     }

  98. }

  99. 

  100. element.DOMAIN.tld {

  101. 

  102.       # creates letsencrypt certificate

  103.       # tls your@email.com

  104. 

  105.       header {

  106.          	# Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS

  107.         	Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

  108.         	# Enable cross-site filter (XSS) and tell browser to block detected attacks

  109.         	X-XSS-Protection "1; mode=block"

  110.         	# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type

  111.         	X-Content-Type-Options "nosniff"

  112.         	# Disallow the site to be rendered within a frame (clickjacking protection)

  113.         	X-Frame-Options "DENY"

  114.         	# X-Robots-Tag

  115.         	X-Robots-Tag "noindex, noarchive, nofollow"

  116.   	}

  117. 

  118.         handle {

  119.               encode zstd gzip

  120. 

  121.               reverse_proxy localhost:8765 {

  122.                      header_up X-Forwarded-Port {http.request.port}

  123.                      header_up X-Forwarded-Proto {http.request.scheme}

  124.                      header_up X-Forwarded-TlsProto {tls_protocol}

  125.                      header_up X-Forwarded-TlsCipher {tls_cipher}

  126.                      header_up X-Forwarded-HttpsProto {proto}

  127.         }

  128. }

  129. 

  130. #dimension.DOMAIN.tld {

  131. #

  132. #      # creates letsencrypt certificate

  133. #      # tls your@email.com

  134. #

  135. #      header {

  136. #          # Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS

  137. #          Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

  138. #          # Enable cross-site filter (XSS) and tell browser to block detected attacks

  139. #          X-XSS-Protection "1; mode=block"

  140. #          # Prevent some browsers from MIME-sniffing a response away from the declared Content-Type

  141. #          X-Content-Type-Options "nosniff"

  142. #          # Disallow the site to be rendered within a frame (clickjacking protection)

  143. #          X-Frame-Options "DENY"

  144. #          # X-Robots-Tag

  145. #          X-Robots-Tag "noindex, noarchive, nofollow"

  146. #    }

  147. #

  148. #      handle {

  149. #          encode zstd gzip

  150. #

  151. #          reverse_proxy localhost:8184  {

  152. #                  header_up X-Forwarded-Port {http.request.port}

  153. #                  header_up X-Forwarded-Proto {http.request.scheme}

  154. #                  header_up X-Forwarded-TlsProto {tls_protocol}

  155. #                  header_up X-Forwarded-TlsCipher {tls_cipher}

  156. #                  header_up X-Forwarded-HttpsProto {proto}

  157. #          }

  158. #    }

  159. #}

  160. 

  161. 

  162. #jitsi.DOMAIN.tld {

  163. #

  164. #  creates letsencrypt certificate

  165. #  tls your@email.com

  166. #

  167. #  header {

  168. #        # Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS

  169. #        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

  170. #

  171. #        # Enable cross-site filter (XSS) and tell browser to block detected attacks

  172. #        X-XSS-Protection "1; mode=block"

  173. #

  174. #        # Prevent some browsers from MIME-sniffing a response away from the declared Content-Type

  175. #        X-Content-Type-Options "nosniff"

  176. #

  177. #        # Disallow the site to be rendered within a frame (clickjacking protection)

  178. #        X-Frame-Options "SAMEORIGIN"

  179. #

  180. #        # Disable some features

  181. #        Feature-Policy "accelerometer 'none';ambient-light-sensor 'none'; autoplay 'none';camera 'none';encrypted-media 'none';focus-without-user-activation 'none'; geolocation 'none';gyroscope #'none';magnetometer 'none';microphone 'none';midi 'none';payment 'none';picture-in-picture 'none'; speaker 'none';sync-xhr 'none';usb 'none';vr 'none'"

  182. #

  183. #        # Referer

  184. #        Referrer-Policy "no-referrer"

  185. #

  186. #        # X-Robots-Tag

  187. #        X-Robots-Tag "none"

  188. #

  189. #        # Remove Server header

  190. #        -Server

  191. #  }

  192. #

  193. #  handle {

  194. #        encode zstd gzip

  195. #

  196. #        reverse_proxy 127.0.0.1:13080 {

  197. #               header_up X-Forwarded-Port {http.request.port}

  198. #               header_up X-Forwarded-Proto {http.request.scheme}

  199. #               header_up X-Forwarded-TlsProto {tls_protocol}

  200. #               header_up X-Forwarded-TlsCipher {tls_cipher}

  201. #               header_up X-Forwarded-HttpsProto {proto}

  202. #        }

  203. #  }

  204. #}