overmind
/
matrix-docker-ansible-deploy
miroir de https://github.com/spantaleev/matrix-docker-ansible-deploy
1
0
Bifurcation 0
Code Tickets 0 Versions 0 Wiki Activité
Matrix Docker Ansible eploy
Vous ne pouvez pas sélectionner plus de 25 sujets Les noms de sujets doivent commencer par une lettre ou un nombre, peuvent contenir des tirets ('-') et peuvent comporter jusqu'à 35 caractères.
3499 Révisions
13 Branches
487 MiB
 
 
Aborescence: dd903ffcc2
Branches Tags
${ item.name }
Créer la branche ${ searchTerm }
de 'dd903ffcc2'
${ noResults }
matrix-docker-ansible-deploy/examples/caddy2/Caddyfile

204 lignes
6.7 KiB
Brut Annotations Historique 

  1. matrix.DOMAIN.tld {

  2. 

  3.   # creates letsencrypt certificate

  4.   # tls your@email.com

  5. 

  6.   @identity {

  7.         path /_matrix/identity/*

  8.   }

  9. 

  10.   @noidentity {

  11.         not path /_matrix/identity/*

  12.   }

  13. 

  14.   @search {

  15.         path /_matrix/client/r0/user_directory/search/*

  16.   }

  17. 

  18.   @nosearch {

  19.         not path /_matrix/client/r0/user_directory/search/*

  20.   }

  21. 

  22.   @static {

  23.         path /matrix/static-files/*

  24.   }

  25. 

  26.   @nostatic {

  27.         not path /matrix/static-files/*

  28.   }

  29. 

  30.   header {

  31.         # Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS

  32.         Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

  33.         # Enable cross-site filter (XSS) and tell browser to block detected attacks

  34.         X-XSS-Protection "1; mode=block"

  35.         # Prevent some browsers from MIME-sniffing a response away from the declared Content-Type

  36.         X-Content-Type-Options "nosniff"

  37.         # Disallow the site to be rendered within a frame (clickjacking protection)

  38.         X-Frame-Options "DENY"

  39.         # X-Robots-Tag

  40.         X-Robots-Tag "noindex, noarchive, nofollow"

  41.   }

  42. 

  43.   # Cache

  44.   header @static {

  45.         # Cache

  46.     Cache-Control "public, max-age=31536000"

  47.     defer

  48.   }

  49. 

  50.   # identity

  51.   handle @identity {

  52.         reverse_proxy localhost:8090  {

  53.                header_up X-Forwarded-Port {http.request.port}

  54.                header_up X-Forwarded-Proto {http.request.scheme}

  55.                header_up X-Forwarded-TlsProto {tls_protocol}

  56.                header_up X-Forwarded-TlsCipher {tls_cipher}

  57.                header_up X-Forwarded-HttpsProto {proto}

  58.         }

  59.   }

  60. 

  61.   # search

  62.   handle @search {

  63.         reverse_proxy localhost:8090   {

  64.                header_up X-Forwarded-Port {http.request.port}

  65.                header_up X-Forwarded-Proto {http.request.scheme}

  66.                header_up X-Forwarded-TlsProto {tls_protocol}

  67.                header_up X-Forwarded-TlsCipher {tls_cipher}

  68.                header_up X-Forwarded-HttpsProto {proto}

  69.         }

  70.   }

  71. 

  72.   handle {

  73.         encode zstd gzip

  74. 

  75.         reverse_proxy localhost:8008  {

  76.                header_up X-Forwarded-Port {http.request.port}

  77.                header_up X-Forwarded-Proto {http.request.scheme}

  78.                header_up X-Forwarded-TlsProto {tls_protocol}

  79.                header_up X-Forwarded-TlsCipher {tls_cipher}

  80.                header_up X-Forwarded-HttpsProto {proto}

  81.         }

  82.   }

  83. }

  84. 

  85. matrix.DOMAIN.tld:8448 {

  86.     handle {

  87.         encode zstd gzip

  88. 

  89.         reverse_proxy 127.0.0.1:8048 {

  90.                header_up X-Forwarded-Port {http.request.port}

  91.                header_up X-Forwarded-Proto {http.request.scheme}

  92.                header_up X-Forwarded-TlsProto {tls_protocol}

  93.                header_up X-Forwarded-TlsCipher {tls_cipher}

  94.                header_up X-Forwarded-HttpsProto {proto}

  95.         }

  96.     }

  97. }

  98. 

  99. element.DOMAIN.tld {

  100. 

  101.       # creates letsencrypt certificate

  102.       # tls your@email.com

  103. 

  104.       header {

  105.          	# Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS

  106.         	Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

  107.         	# Enable cross-site filter (XSS) and tell browser to block detected attacks

  108.         	X-XSS-Protection "1; mode=block"

  109.         	# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type

  110.         	X-Content-Type-Options "nosniff"

  111.         	# Disallow the site to be rendered within a frame (clickjacking protection)

  112.         	X-Frame-Options "DENY"

  113.         	# X-Robots-Tag

  114.         	X-Robots-Tag "noindex, noarchive, nofollow"

  115.   	}

  116. 

  117.         handle {

  118.               encode zstd gzip

  119. 

  120.               reverse_proxy localhost:8765 {

  121.                      header_up X-Forwarded-Port {http.request.port}

  122.                      header_up X-Forwarded-Proto {http.request.scheme}

  123.                      header_up X-Forwarded-TlsProto {tls_protocol}

  124.                      header_up X-Forwarded-TlsCipher {tls_cipher}

  125.                      header_up X-Forwarded-HttpsProto {proto}

  126.         }

  127. }

  128. 

  129. #dimension.DOMAIN.tld {

  130. #

  131. #      # creates letsencrypt certificate

  132. #      # tls your@email.com

  133. #

  134. #      header {

  135. #          # Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS

  136. #          Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

  137. #          # Enable cross-site filter (XSS) and tell browser to block detected attacks

  138. #          X-XSS-Protection "1; mode=block"

  139. #          # Prevent some browsers from MIME-sniffing a response away from the declared Content-Type

  140. #          X-Content-Type-Options "nosniff"

  141. #          # Disallow the site to be rendered within a frame (clickjacking protection)

  142. #          X-Frame-Options "DENY"

  143. #          # X-Robots-Tag

  144. #          X-Robots-Tag "noindex, noarchive, nofollow"

  145. #    }

  146. #

  147. #      handle {

  148. #          encode zstd gzip

  149. #

  150. #          reverse_proxy localhost:8184  {

  151. #                  header_up X-Forwarded-Port {http.request.port}

  152. #                  header_up X-Forwarded-Proto {http.request.scheme}

  153. #                  header_up X-Forwarded-TlsProto {tls_protocol}

  154. #                  header_up X-Forwarded-TlsCipher {tls_cipher}

  155. #                  header_up X-Forwarded-HttpsProto {proto}

  156. #          }

  157. #    }

  158. #}

  159. 

  160. 

  161. #jitsi.DOMAIN.tld {

  162. #

  163. #  creates letsencrypt certificate

  164. #  tls your@email.com

  165. #

  166. #  header {

  167. #        # Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS

  168. #        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

  169. #

  170. #        # Enable cross-site filter (XSS) and tell browser to block detected attacks

  171. #        X-XSS-Protection "1; mode=block"

  172. #

  173. #        # Prevent some browsers from MIME-sniffing a response away from the declared Content-Type

  174. #        X-Content-Type-Options "nosniff"

  175. #

  176. #        # Disallow the site to be rendered within a frame (clickjacking protection)

  177. #        X-Frame-Options "SAMEORIGIN"

  178. #

  179. #        # Disable some features

  180. #        Feature-Policy "accelerometer 'none';ambient-light-sensor 'none'; autoplay 'none';camera 'none';encrypted-media 'none';focus-without-user-activation 'none'; geolocation 'none';gyroscope #'none';magnetometer 'none';microphone 'none';midi 'none';payment 'none';picture-in-picture 'none'; speaker 'none';sync-xhr 'none';usb 'none';vr 'none'"

  181. #

  182. #        # Referer

  183. #        Referrer-Policy "no-referrer"

  184. #

  185. #        # X-Robots-Tag

  186. #        X-Robots-Tag "none"

  187. #

  188. #        # Remove Server header

  189. #        -Server

  190. #  }

  191. #

  192. #  handle {

  193. #        encode zstd gzip

  194. #

  195. #        reverse_proxy 127.0.0.1:13080 {

  196. #               header_up X-Forwarded-Port {http.request.port}

  197. #               header_up X-Forwarded-Proto {http.request.scheme}

  198. #               header_up X-Forwarded-TlsProto {tls_protocol}

  199. #               header_up X-Forwarded-TlsCipher {tls_cipher}

  200. #               header_up X-Forwarded-HttpsProto {proto}

  201. #        }

  202. #  }

  203. #}