packages/frontend/Caddyfile.example at cache-folder-container

jbc.lol / wafrn
fork atom
unoffical wafrn mirror wafrn.net
atproto social-network activitypub
fork atom
wafrn / packages / frontend / Caddyfile.example
at cache-folder-container 117 lines 3.3 kB view raw
wrap content
jbc.lol favicon thingy 3w ago
298a4ed1
  1{
  2    email ${{ACME_EMAIL}}
  3
  4    log {
  5
  6    }
  7
  8    metrics {
  9        per_host
 10    }
 11
 12    admin 0.0.0.0:2019
 13
 14    on_demand_tls {
 15        ask http://${{PDS_HOST:-pds:3000}}/tls-check
 16    }
 17
 18    import /etc/caddy/config/global/* ${{DOMAIN_NAME}}
 19}
 20
 21${{MEDIA_DOMAIN}} {
 22    import /etc/caddy/config/media_domain_pre/* ${{DOMAIN_NAME}} ${{MEDIA_DOMAIN}}
 23
 24    handle {
 25        root * /var/www/html/uploads/
 26        try_files {path} /index.html
 27        file_server
 28    }
 29
 30    import /etc/caddy/config/media_domain_post/* ${{DOMAIN_NAME}} ${{MEDIA_DOMAIN}}
 31}
 32
 33${{CACHE_DOMAIN}} {
 34    import /etc/caddy/config/cache_domain_pre/* ${{DOMAIN_NAME}} ${{CACHE_DOMAIN}}
 35
 36    handle /api/cache* {
 37        reverse_proxy ${{CACHE_HOST:-backend:9000}}
 38    }
 39
 40    handle /api/v2/cache/* {
 41        reverse_proxy ${{CACHE_HOST:-backend:9000}}
 42    }
 43
 44    import /etc/caddy/config/cache_domain_post/* ${{DOMAIN_NAME}} ${{CACHE_DOMAIN}}
 45}
 46
 47${{DOMAIN_NAME}} {
 48    encode zstd gzip
 49    
 50    import /etc/caddy/config/main_domain_pre/* ${{DOMAIN_NAME}}
 51
 52    header * {
 53        X-Clacks-Overhead "GNU Terry Pratchett"
 54        Service-Worker-Allowed: "/",
 55        # Cache-Control: no-cache, no-store, must-revalidate
 56        Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://${{CACHE_DOMAIN}} https://${{MEDIA_DOMAIN}} ; script-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval'; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: 'unsafe-inline'; style-src-elem 'self' data: 'unsafe-inline'; style-src-attr 'self' data: 'unsafe-inline'; object-src 'self' https://${{CACHE_DOMAIN}} https://${{MEDIA_DOMAIN}} ; frame-src 'self' https://${{CACHE_DOMAIN}} https://${{MEDIA_DOMAIN}}; worker-src 'self'; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content; manifest-src 'self'"
 57    }
 58
 59    handle_path /api/websocket* {
 60        reverse_proxy ${{WEBSOCKET_HOST:-backend:9000}}
 61    }
 62    
 63    @api path /api* /fediverse* /contexts* /post* /blog* /.well-known*
 64
 65    handle @api {
 66        reverse_proxy ${{BACKEND_HOST:-backend:9000}}
 67    }
 68
 69
 70    handle_path /adminer* {
 71        reverse_proxy ${{ADMINER_HOST:-adminer:8080}}
 72    }
 73
 74    import /etc/caddy/config/main_domain_mid/* ${{DOMAIN_NAME}}
 75
 76    handle {
 77        root * /var/www/html/frontend/
 78        try_files {path} /index.html
 79        file_server
 80    }
 81
 82    import /etc/caddy/config/main_domain_post/* ${{DOMAIN_NAME}}
 83}
 84
 85monitoring.${{DOMAIN_NAME}} {
 86    import /etc/caddy/config/monitoring_domain_pre/* ${{DOMAIN_NAME}}
 87
 88    reverse_proxy ${{GRAFANA_HOST:-grafana:2345}}
 89
 90    import /etc/caddy/config/monitoring_domain_post/* ${{DOMAIN_NAME}}
 91}
 92
 93${{PDS_DOMAIN_NAME}} *.${{PDS_DOMAIN_NAME}} {
 94    import /etc/caddy/config/pds_domain_pre/* ${{DOMAIN_NAME}} ${{PDS_DOMAIN_NAME}}
 95
 96    tls {
 97        on_demand
 98    }
 99
100    handle /favicon.ico {
101        root * /var/www/html/frontend/
102        try_files {path} /favicon.ico
103        file_server
104    }
105
106    handle / {
107        root * /pds-homepage
108        try_files {path} /pds.txt
109        file_server
110    }
111
112    reverse_proxy ${{PDS_HOST:-pds:3000}}
113
114    import /etc/caddy/config/pds_domain_post/* ${{DOMAIN_NAME}} ${{PDS_DOMAIN_NAME}}
115}
116
117import /etc/caddy/config/vhosts/* ${{DOMAIN_NAME}}