diff options
| author | kaniini <nenolod@gmail.com> | 2018-08-26 21:06:15 +0000 |
|---|---|---|
| committer | kaniini <nenolod@gmail.com> | 2018-08-26 21:06:15 +0000 |
| commit | 0f5bff8c66fa2b67633fe05de8aaa1985f4d98f8 (patch) | |
| tree | 45a693814a7f1f7bd2d6108732f2b75086f1fa0a /installation/caddyfile-pleroma.example | |
| parent | 30261772063a30ca0ef299f441cfed4630ffb630 (diff) | |
| parent | 3448b434f54e8b4749524e3ccd876359a6501845 (diff) | |
| download | pleroma-0f5bff8c66fa2b67633fe05de8aaa1985f4d98f8.tar.gz pleroma-0f5bff8c66fa2b67633fe05de8aaa1985f4d98f8.zip | |
Merge branch 'develop' into 'feature/relay'
# Conflicts:
# lib/pleroma/web/activity_pub/utils.ex
Diffstat (limited to 'installation/caddyfile-pleroma.example')
| -rw-r--r-- | installation/caddyfile-pleroma.example | 38 |
1 files changed, 33 insertions, 5 deletions
diff --git a/installation/caddyfile-pleroma.example b/installation/caddyfile-pleroma.example index e0f9dc917..ed24fc16c 100644 --- a/installation/caddyfile-pleroma.example +++ b/installation/caddyfile-pleroma.example @@ -1,8 +1,32 @@ social.domain.tld { - tls user@domain.tld + log /var/log/caddy/pleroma_access.log + errors /var/log/caddy/pleroma_error.log - log /var/log/caddy/pleroma.log + gzip + proxy / localhost:4000 { + websocket + transparent + } + + tls user@domain.tld { + # Remove the rest of the lines in here, if you want to support older devices + key_type p256 + ciphers ECDHE-ECDSA-WITH-CHACHA20-POLY1305 ECDHE-RSA-WITH-CHACHA20-POLY1305 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 + } + + header / { + X-XSS-Protection "1; mode=block" + X-Frame-Options "DENY" + X-Content-Type-Options "nosniff" + Referrer-Policy "same-origin" + Strict-Transport-Security "max-age=31536000; includeSubDomains;" + Expect-CT "enforce, max-age=2592000" + } + + # If you do not want remote frontends to be able to access your Pleroma backend server, remove these lines. + # If you want to allow all origins access, remove the origin lines. + # To use this directive, you need the http.cors plugin for Caddy. cors / { origin https://halcyon.domain.tld origin https://pinafore.domain.tld @@ -10,9 +34,13 @@ social.domain.tld { allowed_headers Authorization,Content-Type,Idempotency-Key exposed_headers Link,X-RateLimit-Reset,X-RateLimit-Limit,X-RateLimit-Remaining,X-Request-Id } + # Stop removing lines here. - proxy / localhost:4000 { - websocket - transparent + # If you do not want to use the mediaproxy function, remove these lines. + # To use this directive, you need the http.cache plugin for Caddy. + cache { + match_path /proxy + default_max_age 720m } + # Stop removing lines here. } |