Thomas Gräfenstein
b918e713e5
Move security headers to Caddy (edge proxy), remove nginx gzip (Caddy already compresses), add asset_immutable map for versioned cache control, add missing static file extensions, fix .well-known block, and hide X-Powered-By header.
31 lines
546 B
Caddyfile
31 lines
546 B
Caddyfile
{
|
|
servers {
|
|
timeouts {
|
|
read_header 10s
|
|
idle 60s
|
|
}
|
|
max_header_size 16KB
|
|
}
|
|
}
|
|
|
|
nextcloud.t-gstone.de {
|
|
encode zstd gzip
|
|
|
|
reverse_proxy nextcloud-nginx:80
|
|
|
|
header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
|
header Referrer-Policy "no-referrer"
|
|
header X-Content-Type-Options "nosniff"
|
|
header X-Frame-Options "SAMEORIGIN"
|
|
header X-Permitted-Cross-Domain-Policies "none"
|
|
header X-Robots-Tag "noindex, nofollow"
|
|
|
|
request_body {
|
|
max_size 10G
|
|
}
|
|
}
|
|
|
|
git.t-gstone.de {
|
|
reverse_proxy gitea:3000
|
|
}
|