flake/hosts/lightsail-tokyo/Caddyfile

141 lines
2.4 KiB
Text
Raw Normal View History

{
# Disables HTTP/3 for Hysteria
# https://github.com/apernet/hysteria/issues/768
servers :443 {
protocols h1 h2 h2c
}
}
(header) {
header {
# https://observatory.mozilla.org/analyze/ny4.dev
# https://infosec.mozilla.org/guidelines/web_security
# https://caddyserver.com/docs/caddyfile/directives/header#examples
?Content-Security-Policy "default-src https: blob: 'unsafe-eval' 'unsafe-inline'; object-src 'none'"
?Permissions-Policy interest-Hpcohort=()
?Strict-Transport-Security max-age=31536000;
?X-Content-Type-Options nosniff
?X-Frame-Options DENY
}
}
(compression) {
encode zstd gzip
}
(robots) {
handle_path /robots.txt {
file_server * {
root /var/www/robots/robots.txt
}
}
}
(default) {
import header
import compression
import robots
}
www.ny4.dev {
import default
redir https://ny4.dev
}
ny4.dev {
import default
# Synapse
header /.well-known/matrix/* Content-Type application/json
header /.well-known/matrix/* Access-Control-Allow-Origin *
handle_path /.well-known/matrix/* {
file_server * {
root /var/www/matrix
}
}
# Mastodon
header /.well-known/webfinger Access-Control-Allow-Origin *
redir /.well-known/webfinger https://mastodon.ny4.dev{uri} permanent
# Homepage Dashboard
reverse_proxy localhost:9200
}
searx.ny4.dev {
import default
reverse_proxy localhost:8100
}
pb.ny4.dev {
import default
reverse_proxy localhost:8200
}
uptime.ny4.dev {
import default
reverse_proxy localhost:8300
}
ntfy.ny4.dev {
import default
reverse_proxy unix//run/ntfy-sh/ntfy.sock
}
pixiv.ny4.dev {
import default
basicauth {
Guanran928 $2a$14$aI977hGZCX6H9IiyG7avdOFxXFGtlt7DcIahTkInPhEx9Sfhk7bri
}
reverse_proxy unix//run/pixivfe/pixiv.sock
}
matrix.ny4.dev {
import default
reverse_proxy /_matrix/* localhost:8600
reverse_proxy /_synapse/client/* localhost:8600
reverse_proxy /health localhost:8600
}
syncv3.ny4.dev {
import default
reverse_proxy localhost:8700
}
id.ny4.dev {
import default
reverse_proxy localhost:8800
}
element.ny4.dev {
import default
root * @element@
file_server
}
mastodon.ny4.dev {
import default
handle_path /system/* {
reverse_proxy localhost:9100
}
handle /api/v1/streaming/* {
reverse_proxy localhost:9000
}
route * {
file_server * {
root @mastodon@/public
pass_thru
}
reverse_proxy * localhost:8900
}
handle_errors {
root * @mastodon@/public
rewrite 500.html
file_server
}
}