Update Nextcloud internal Caddyfile
Add suggested security improvements and static file caching.
parent
388a1d8cfc
commit
26cceccfd9
1 changed files with 52 additions and 6 deletions
|
|
@ -1,16 +1,34 @@
|
|||
:80 {
|
||||
root * /var/www/html
|
||||
file_server
|
||||
{
|
||||
servers {
|
||||
trusted_proxies static 10.0.0.0/8
|
||||
}
|
||||
}
|
||||
|
||||
:80 {
|
||||
encode zstd gzip
|
||||
root * /var/www/html
|
||||
|
||||
php_fastcgi app:9000
|
||||
header {
|
||||
# enable HSTS
|
||||
Strict-Transport-Security max-age=31536000;
|
||||
Permissions-Policy interest-cohort=()
|
||||
X-Content-Type-Options nosniff
|
||||
X-Frame-Options SAMEORIGIN
|
||||
Referrer-Policy no-referrer
|
||||
X-XSS-Protection "1; mode=block"
|
||||
X-Permitted-Cross-Domain-Policies none
|
||||
X-Robots-Tag "noindex, nofollow"
|
||||
-X-Powered-By
|
||||
}
|
||||
|
||||
redir /.well-known/carddav /remote.php/dav 301
|
||||
redir /.well-known/caldav /remote.php/dav 301
|
||||
|
||||
# Uncomment this block if you use the high speed files backend: https://github.com/nextcloud/notify_push
|
||||
#handle_path /push/* {
|
||||
# reverse_proxy unix//run/notify_push/notify_push.sock # I love Unix sockets, but you can do :7867 also
|
||||
#}
|
||||
|
||||
# .htaccess / data / config / ... shouldn't be accessible from outside
|
||||
@forbidden {
|
||||
path /.htaccess
|
||||
|
|
@ -25,8 +43,36 @@
|
|||
path /occ
|
||||
path /console.php
|
||||
}
|
||||
|
||||
respond @forbidden 404
|
||||
|
||||
handle @forbidden {
|
||||
respond 404
|
||||
}
|
||||
|
||||
handle {
|
||||
root * /var/www/html
|
||||
php_fastcgi app:9000 {
|
||||
# Tells nextcloud to remove /index.php from URLs in links
|
||||
env front_controller_active true
|
||||
env modHeadersAvailable true # Avoid sending the security headers twice
|
||||
}
|
||||
}
|
||||
|
||||
# From .htaccess, set cache for versioned static files (cache-busting)
|
||||
@immutable {
|
||||
path *.css *.js *.mjs *.svg *.gif *.png *.jpg *.ico *.wasm *.tflite
|
||||
query v=*
|
||||
}
|
||||
header @immutable Cache-Control "max-age=15778463, immutable"
|
||||
|
||||
# From .htaccess, set cache for normal static files
|
||||
@static {
|
||||
path *.css *.js *.mjs *.svg *.gif *.png *.jpg *.ico *.wasm *.tflite
|
||||
not query v=*
|
||||
}
|
||||
header @static Cache-Control "max-age=15778463"
|
||||
|
||||
# From .htaccess, cache fonts for 1 week
|
||||
@woff2 path *.woff2
|
||||
header @woff2 Cache-Control "max-age=604800"
|
||||
|
||||
file_server
|
||||
}
|
||||
|
|
|
|||
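Review bot: The `@immutable`, `@static` and `@woff2` matchers test only the URL suffix and query, so the long-lived `Cache-Control` would also be attached to responses that PHP generates for matching paths (for example a WebDAV download or preview whose URL ends in `.jpg`), not only to files that `file_server` reads from disk. As far as I can tell the `.htaccess` rules being ported apply to the file Apache resolves on disk, so this is broader than the original and could let a browser or intermediate cache keep private user content for months, possibly alongside a conflicting header from Nextcloud itself. Adding a `file` line inside `@immutable` and `@static`, and turning `@woff2 path *.woff2` into a block that also contains `file`, should limit the header to paths that exist under the root. Separately, `trusted_proxies static 10.0.0.0/8` in the global options block accepts forwarded client addresses from any peer in that range, which Nextcloud's brute-force throttling and logs depend on; narrowing it to the front proxy's address or subnet would be safer. Which lines are added and which removed is inferred here, because the page has lost its `+`/`-` markers.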