forked from colin/resume
54 lines
1.6 KiB
Caddyfile
54 lines
1.6 KiB
Caddyfile
:8080 {
|
|
root * .
|
|
file_server
|
|
encode gzip
|
|
|
|
# Performance optimizations
|
|
header {
|
|
# Remove default Caddy headers
|
|
-Server
|
|
-X-Powered-By
|
|
|
|
# HSTS
|
|
Strict-Transport-Security "max-age=31536000; includeSubDomains"
|
|
|
|
# Basic security headers
|
|
X-Frame-Options "DENY"
|
|
X-Content-Type-Options "nosniff"
|
|
Referrer-Policy "strict-origin-when-cross-origin"
|
|
|
|
# Permissions policy
|
|
Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()"
|
|
|
|
# Cross-origin isolation headers
|
|
Cross-Origin-Embedder-Policy "require-corp"
|
|
Cross-Origin-Resource-Policy "same-origin"
|
|
Cross-Origin-Opener-Policy "same-origin"
|
|
|
|
# Cache control for static assets
|
|
Cache-Control "public, max-age=31536000, immutable"
|
|
|
|
# CSP with hashes for scripts
|
|
Content-Security-Policy "default-src 'none'; script-src 'self' 'sha256-ryQsJ+aghKKD/CeXgx8jtsnZT3Epp3EjIw8RyHIq544=' 'sha256-anTkUs/oFZJulKUMaMjZlwaALEmPOP8op0psAo5Bhh8='; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; connect-src 'self'; object-src 'none'; frame-ancestors 'none'; base-uri 'none'; form-action 'none';"
|
|
}
|
|
|
|
# Handle 404s
|
|
handle_errors {
|
|
respond "{err.status_code} {err.status_text}"
|
|
}
|
|
|
|
# Logging
|
|
log {
|
|
output stdout
|
|
format json
|
|
}
|
|
|
|
# Enable HTTP/2
|
|
protocols h2c h2 http/1.1
|
|
|
|
# Enable static file serving with caching
|
|
file_server {
|
|
precompressed
|
|
browse
|
|
}
|
|
} |