diff --git a/caddy.example.conf b/caddy.example.conf index 615501443..3efed5a76 100644 --- a/caddy.example.conf +++ b/caddy.example.conf @@ -1,23 +1,28 @@ -# Caddy configuration file for running epicyon on example.com +# Example configuration file for running Caddy2 in front of Epicyon -example.com { - tls { - # Valid values are rsa2048, rsa4096, rsa8192, p256, and p384. - # Default is currently p256. - key_type p384 - } - header / Strict-Transport-Security "max-age=31556925" - header / X-Content-Type-Options "nosniff" - header / X-Download-Options "noopen" - header / X-Frame-Options "DENY" - header / X-Permitted-Cross-Domain-Policies "none" - header / X-Robots-Tag "noindex" - header / X-XSS-Protection "1; mode=block" +YOUR_DOMAIN { + tls USER@YOUR_DOMAIN - proxy / http://localhost:7156 { - transparent - timeout 10800s + header { + Strict-Transport-Security "max-age=31556925" + Content-Security-Policy "default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'" + X-Content-Type-Options "nosniff" + X-Download-Options "noopen" + X-Frame-Options "DENY" + X-Permitted-Cross-Domain-Policies "none" + X-XSS-Protection "1; mode=block" } + + route /newsmirror/* { + root * /var/www/YOUR_DOMAIN + file_server + } + + route /* { + reverse_proxy http://127.0.0.1:7156 + } + + encode zstd gzip } -# eof +# eof \ No newline at end of file