From 9f543cc97d9621efe83bd858cb72c18db3103f32 Mon Sep 17 00:00:00 2001 From: Alex NeonXP Date: Wed, 21 Feb 2024 22:41:10 +0300 Subject: Конфиги https минцифры MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docker-compose.yml | 1 + etc/Caddyfile | 23 ++++++++++++++--------- 2 files changed, 15 insertions(+), 9 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 1505a51..e1a4464 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -13,6 +13,7 @@ services: - ./etc/Caddyfile:/etc/caddy/Caddyfile - caddy_data:/data - blog_data:/var/www/neonxp.dev/public + - ./etc/ssl:/data/ssl networks: - gateway diff --git a/etc/Caddyfile b/etc/Caddyfile index c4d1520..038e420 100644 --- a/etc/Caddyfile +++ b/etc/Caddyfile @@ -41,19 +41,24 @@ neonxp.dev { redir https://neonxp.ru } -neonxp.ru { - tls i@neonxp.dev +neonxp.ru:80 { + encode gzip + root * /var/www/neonxp.dev/public + file_server + header / { + cache-control = "max-age=0,no-cache,no-store,must-revalidate" + } + log { + output file /var/log/caddy/neonxp.dev/neonxp.dev.log + } +} + +neonxp.ru:443 { + tls /data/ssl/chain.cer /data/ssl/neonxp.ru.key encode gzip root * /var/www/neonxp.dev/public file_server header / { - Content-Security-Policy = "upgrade-insecure-requests; default-src 'self'; style-src 'self'; script-src 'self'; img-src 'self'; object-src 'self'; worker-src 'self'; manifest-src 'self';" - Strict-Transport-Security = "max-age=63072000; includeSubDomains; preload" - X-Xss-Protection = "1; mode=block" - X-Frame-Options = "DENY" - X-Content-Type-Options = "nosniff" - Referrer-Policy = "strict-origin-when-cross-origin" - Permissions-Policy = "fullscreen=(self)" cache-control = "max-age=0,no-cache,no-store,must-revalidate" } log { -- cgit v1.2.3