From d265cc72539d72feb90ce7a70e7f82ab5a8b649a Mon Sep 17 00:00:00 2001 From: BBaoVanC Date: Sat, 4 Sep 2021 16:47:16 -0500 Subject: [PATCH] Add hsts snippet --- Caddyfile | 4 ++++ conf.d/bin.boba.best | 2 +- conf.d/boba.best | 1 + conf.d/drone.boba.best | 1 + conf.d/emotes.boba.best | 1 + conf.d/errors.boba.best | 2 ++ conf.d/flower.boba.best | 1 + conf.d/furry.boba.best | 1 + conf.d/git.boba.best | 1 + conf.d/grafana.boba.best | 1 + conf.d/mail.boba.best | 1 + conf.d/matrix.boba.best | 1 + conf.d/peertube.boba.best | 1 + conf.d/rick.boba.best | 1 + conf.d/status.boba.best | 1 + conf.d/stib.boba.best | 1 + conf.d/turn.boba.best | 1 + conf.d/vault.boba.best | 1 + 18 files changed, 22 insertions(+), 1 deletion(-) diff --git a/Caddyfile b/Caddyfile index f4a3165..12c87bf 100644 --- a/Caddyfile +++ b/Caddyfile @@ -24,6 +24,10 @@ } } +(hsts) { + header Strict-Transport-Security max-age=31536000 +} + (matrix-well-known) { handle_path /.well-known/matrix/* { header Access-Control-Allow-Origin "*" diff --git a/conf.d/bin.boba.best b/conf.d/bin.boba.best index 0185196..4707ea4 100644 --- a/conf.d/bin.boba.best +++ b/conf.d/bin.boba.best @@ -2,7 +2,7 @@ bin.boba.best { encode zstd gzip - header Strict-Transport-Security max-age=31536000 + import hsts root * /var/www/bin.boba.best php_fastcgi unix//run/php/php-fpm.sock diff --git a/conf.d/boba.best b/conf.d/boba.best index e77cb39..67d1a1a 100644 --- a/conf.d/boba.best +++ b/conf.d/boba.best @@ -5,6 +5,7 @@ www.boba.best { } boba.best { import matrix-well-known + import hsts header Access-Control-Allow-Origin * root * /var/www/boba.best/public diff --git a/conf.d/drone.boba.best b/conf.d/drone.boba.best index 41ed228..df40783 100644 --- a/conf.d/drone.boba.best +++ b/conf.d/drone.boba.best @@ -2,6 +2,7 @@ drone.boba.best { encode zstd gzip + import hsts reverse_proxy localhost:8081 { header_up X-Real-IP {remote_host} diff --git a/conf.d/emotes.boba.best b/conf.d/emotes.boba.best index 8949a44..32f4294 100644 --- a/conf.d/emotes.boba.best +++ b/conf.d/emotes.boba.best @@ -2,6 +2,7 @@ emotes.boba.best { encode zstd gzip + import hsts root * /var/www/emotes.boba.best/public file_server { diff --git a/conf.d/errors.boba.best b/conf.d/errors.boba.best index 027e45a..cc6593f 100644 --- a/conf.d/errors.boba.best +++ b/conf.d/errors.boba.best @@ -1,6 +1,8 @@ # vim: ft=caddyfile errors.boba.best { + encode zstd gzip + import hsts root * /etc/caddy/errors/img file_server import basicerrors diff --git a/conf.d/flower.boba.best b/conf.d/flower.boba.best index 6033565..dbac851 100644 --- a/conf.d/flower.boba.best +++ b/conf.d/flower.boba.best @@ -2,6 +2,7 @@ flower.boba.best { encode zstd gzip + import hsts root * /var/www/flower.boba.best handle { diff --git a/conf.d/furry.boba.best b/conf.d/furry.boba.best index 3fc8a45..1a7f0ec 100644 --- a/conf.d/furry.boba.best +++ b/conf.d/furry.boba.best @@ -2,6 +2,7 @@ furry.boba.best { encode zstd gzip + import hsts root * /var/www/furry.boba.best handle { diff --git a/conf.d/git.boba.best b/conf.d/git.boba.best index 48210be..196fd96 100644 --- a/conf.d/git.boba.best +++ b/conf.d/git.boba.best @@ -2,6 +2,7 @@ git.boba.best { encode zstd gzip + import hsts handle_path /_/static/assets/* { root * /var/www/git.boba.best/public diff --git a/conf.d/grafana.boba.best b/conf.d/grafana.boba.best index 9041724..65e145f 100644 --- a/conf.d/grafana.boba.best +++ b/conf.d/grafana.boba.best @@ -2,6 +2,7 @@ grafana.boba.best { encode zstd gzip + import hsts reverse_proxy localhost:84 import basicerrors diff --git a/conf.d/mail.boba.best b/conf.d/mail.boba.best index 9ee63d8..fab8f71 100644 --- a/conf.d/mail.boba.best +++ b/conf.d/mail.boba.best @@ -2,6 +2,7 @@ mail.boba.best mail.bbaovanc.com autodiscover.boba.best autodiscover.bbaovanc.com autoconfig.boba.best autoconfig.bbaovanc.com { encode zstd gzip + import hsts reverse_proxy localhost:8082 { header_up X-Real-IP {remote_host} diff --git a/conf.d/matrix.boba.best b/conf.d/matrix.boba.best index abc8eec..15a8643 100644 --- a/conf.d/matrix.boba.best +++ b/conf.d/matrix.boba.best @@ -2,6 +2,7 @@ matrix.boba.best { encode zstd gzip + import hsts import matrix-well-known diff --git a/conf.d/peertube.boba.best b/conf.d/peertube.boba.best index b907225..3507117 100644 --- a/conf.d/peertube.boba.best +++ b/conf.d/peertube.boba.best @@ -2,6 +2,7 @@ peertube.boba.best { encode zstd gzip + import hsts reverse_proxy 127.0.0.1:9000 { header_up X-Real-IP {remote_host} diff --git a/conf.d/rick.boba.best b/conf.d/rick.boba.best index f009d07..0ca8f4c 100644 --- a/conf.d/rick.boba.best +++ b/conf.d/rick.boba.best @@ -1,6 +1,7 @@ # vim: ft=caddyfile rick.boba.best { + encode zstd gzip redir https://www.youtube.com/watch?v=dQw4w9WgXcQ temporary import basicerrors } diff --git a/conf.d/status.boba.best b/conf.d/status.boba.best index bfa923a..24922bd 100644 --- a/conf.d/status.boba.best +++ b/conf.d/status.boba.best @@ -2,6 +2,7 @@ status.boba.best { encode zstd gzip + import hsts respond "I can't find any good status page software." 404 import basicerrors } diff --git a/conf.d/stib.boba.best b/conf.d/stib.boba.best index df3b0c2..b4aab85 100644 --- a/conf.d/stib.boba.best +++ b/conf.d/stib.boba.best @@ -2,6 +2,7 @@ stib.boba.best { encode zstd gzip + import hsts root * /var/www/stib.boba.best handle { diff --git a/conf.d/turn.boba.best b/conf.d/turn.boba.best index 26c557c..1e03dbc 100644 --- a/conf.d/turn.boba.best +++ b/conf.d/turn.boba.best @@ -1,5 +1,6 @@ # vim: ft=caddyfile turn.boba.best { + encode zstd gzip respond "where are you" } diff --git a/conf.d/vault.boba.best b/conf.d/vault.boba.best index 66f0437..dae33ed 100644 --- a/conf.d/vault.boba.best +++ b/conf.d/vault.boba.best @@ -2,6 +2,7 @@ vault.boba.best { encode zstd gzip + import hsts header { X-XSS-Protection "1; mode=block"