45 lines
1012 B
Caddyfile
45 lines
1012 B
Caddyfile
# Caddyfile for Synapsis
|
|
# Automatic HTTPS via Let's Encrypt
|
|
|
|
www.{$DOMAIN} {
|
|
redir https://{$DOMAIN}{uri} permanent
|
|
}
|
|
|
|
{$DOMAIN} {
|
|
# Reverse proxy to Synapsis app (port is set via APP_PORT env var)
|
|
reverse_proxy app:{$APP_PORT:3000}
|
|
|
|
# Enable compression
|
|
encode gzip
|
|
|
|
# Security headers
|
|
header {
|
|
# Enable HSTS
|
|
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
|
# Prevent clickjacking
|
|
X-Frame-Options "SAMEORIGIN"
|
|
# Prevent MIME type sniffing
|
|
X-Content-Type-Options "nosniff"
|
|
# XSS protection
|
|
X-XSS-Protection "1; mode=block"
|
|
# Referrer policy
|
|
Referrer-Policy "strict-origin-when-cross-origin"
|
|
}
|
|
|
|
# Logging
|
|
log {
|
|
output file /data/access.log
|
|
format json
|
|
}
|
|
|
|
# Increase max body size for uploads (20MB)
|
|
request_body {
|
|
max_size 20MB
|
|
}
|
|
}
|
|
|
|
# Health check endpoint for Docker
|
|
:8080 {
|
|
respond /health "healthy" 200
|
|
}
|