# =============================================================================
# Caddy Configuration for Forgejo
# Automatic HTTPS with Let's Encrypt
# =============================================================================
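# Public HTTPS site for Forgejo. The site address is taken from the
# FORGEJO_DOMAIN environment variable, which Caddy substitutes when it parses
# this file; Caddy then obtains and renews the certificate for that name.
# NOTE(review): if FORGEJO_DOMAIN is unset the substitution is empty and this
# is no longer a valid site address -- confirm the deployment always sets it.
{$FORGEJO_DOMAIN} {
	# Forward every request to the Forgejo service on port 3000.
	# NOTE(review): this hop is plain HTTP; presumably it stays on a private
	# container network -- confirm port 3000 is not published on the host.
	reverse_proxy forgejo:3000

	# Compress responses (gzip or zstd, negotiated with the client).
	encode gzip zstd

	# Security response headers. Because this block contains a deletion
	# (-Server), Caddy defers all of these operations until the response is
	# written, so they also apply to headers coming back from Forgejo.
	header {
		# HSTS: browsers use HTTPS only for one year. includeSubDomains
		# extends that to every subdomain of this name, and preload marks the
		# domain as eligible for browser preload lists, which are slow to
		# leave. Make sure every subdomain serves HTTPS before relying on it.
		Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

		# Clickjacking defence: only same-origin pages may frame the site.
		X-Frame-Options "SAMEORIGIN"

		# Stop browsers from MIME-sniffing a response into a different
		# content type than the one declared.
		X-Content-Type-Options "nosniff"

		# Legacy XSS auditor: current browsers have removed it, and in old
		# browsers "1; mode=block" could itself be abused, so it is switched
		# off explicitly. Script-injection defence belongs in a
		# Content-Security-Policy, not in this header.
		X-XSS-Protection "0"

		# Cross-origin requests receive only the origin, not the full URL, so
		# repository paths are not disclosed to third-party sites.
		Referrer-Policy "strict-origin-when-cross-origin"

		# Drop the Server header so the response does not advertise the
		# server software.
		-Server
	}

	# Access log, rotated at 10 MB with 5 rolled files kept. Entries record
	# client addresses and full request URIs (query strings included), so
	# restrict read access to /data/access.log and keep it out of backups
	# that are shared more widely than the server itself.
	log {
		output file /data/access.log {
			roll_size 10mb
			roll_keep 5
		}
	}
}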
# Plain-HTTP listener for the same name: answer every request with a permanent
# redirect to the HTTPS site. Caddy already does this automatically for sites
# it serves over HTTPS; the block only makes the behaviour explicit.
# The redirect target is built from the configured FORGEJO_DOMAIN, not from
# the request's Host header, and keeps the original path and query ({uri}).
http://{$FORGEJO_DOMAIN} {
	redir https://{$FORGEJO_DOMAIN}{uri} permanent
}