Add hsts snippet

2021-09-04 16:47:16 -05:00
parent 5ec08910ce
commit d265cc7253
18 changed files with 22 additions and 1 deletions
--- a/4
+++ b/4
@@ -24,6 +24,10 @@
 }

 (hsts) {
+    header Strict-Transport-Security max-age=31536000
+}
+
+(matrix-well-known) {
    handle_path /.well-known/matrix/* {
        header Access-Control-Allow-Origin "*"
        header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
--- a/conf.d/bin.boba.best
+++ b/conf.d/bin.boba.best
@@ -2,7 +2,7 @@

 bin.boba.best {
    encode zstd gzip
-    header Strict-Transport-Security max-age=31536000
+    import hsts

    root * /var/www/bin.boba.best
    php_fastcgi unix//run/php/php-fpm.sock
--- a/conf.d/boba.best
+++ b/conf.d/boba.best
@@ -5,6 +5,7 @@ www.boba.best {
 }
 boba.best {
    import matrix-well-known
+    import hsts

    header Access-Control-Allow-Origin *
    root * /var/www/boba.best/public
--- a/conf.d/drone.boba.best
+++ b/conf.d/drone.boba.best
@@ -2,6 +2,7 @@

 drone.boba.best {
    encode zstd gzip
+    import hsts

    reverse_proxy localhost:8081 {
        header_up X-Real-IP {remote_host}
--- a/conf.d/emotes.boba.best
+++ b/conf.d/emotes.boba.best
@@ -2,6 +2,7 @@

 emotes.boba.best {
    encode zstd gzip
+    import hsts

    root * /var/www/emotes.boba.best/public
    file_server {
--- a/conf.d/errors.boba.best
+++ b/conf.d/errors.boba.best
@@ -1,6 +1,8 @@
 # vim: ft=caddyfile

 errors.boba.best {
+    encode zstd gzip
+    import hsts
    root * /etc/caddy/errors/img
    file_server
    import basicerrors
--- a/conf.d/flower.boba.best
+++ b/conf.d/flower.boba.best
@@ -2,6 +2,7 @@

 flower.boba.best {
    encode zstd gzip
+    import hsts

    root * /var/www/flower.boba.best
    handle {
--- a/conf.d/furry.boba.best
+++ b/conf.d/furry.boba.best
@@ -2,6 +2,7 @@

 furry.boba.best {
    encode zstd gzip
+    import hsts

    root * /var/www/furry.boba.best
    handle {
--- a/conf.d/git.boba.best
+++ b/conf.d/git.boba.best
@@ -2,6 +2,7 @@

 git.boba.best {
    encode zstd gzip
+    import hsts

    handle_path /_/static/assets/* {
        root * /var/www/git.boba.best/public
--- a/conf.d/grafana.boba.best
+++ b/conf.d/grafana.boba.best
@@ -2,6 +2,7 @@

 grafana.boba.best {
    encode zstd gzip
+    import hsts

    reverse_proxy localhost:84
    import basicerrors
--- a/conf.d/mail.boba.best
+++ b/conf.d/mail.boba.best
@@ -2,6 +2,7 @@

 mail.boba.best mail.bbaovanc.com autodiscover.boba.best autodiscover.bbaovanc.com autoconfig.boba.best autoconfig.bbaovanc.com {
    encode zstd gzip
+    import hsts

    reverse_proxy localhost:8082 {
        header_up X-Real-IP {remote_host}
--- a/conf.d/matrix.boba.best
+++ b/conf.d/matrix.boba.best
@@ -2,6 +2,7 @@

 matrix.boba.best {
    encode zstd gzip
+    import hsts

    import matrix-well-known

--- a/conf.d/peertube.boba.best
+++ b/conf.d/peertube.boba.best
@@ -2,6 +2,7 @@

 peertube.boba.best {
    encode zstd gzip
+    import hsts

    reverse_proxy 127.0.0.1:9000 {
        header_up X-Real-IP {remote_host}
--- a/conf.d/rick.boba.best
+++ b/conf.d/rick.boba.best
@@ -1,6 +1,7 @@
 # vim: ft=caddyfile

 rick.boba.best {
+    encode zstd gzip
    redir https://www.youtube.com/watch?v=dQw4w9WgXcQ temporary
    import basicerrors
 }
--- a/conf.d/status.boba.best
+++ b/conf.d/status.boba.best
@@ -2,6 +2,7 @@

 status.boba.best {
    encode zstd gzip
+    import hsts
    respond "I can't find any good status page software." 404
    import basicerrors
 }
--- a/conf.d/stib.boba.best
+++ b/conf.d/stib.boba.best
@@ -2,6 +2,7 @@

 stib.boba.best {
    encode zstd gzip
+    import hsts

    root * /var/www/stib.boba.best
    handle {
--- a/conf.d/turn.boba.best
+++ b/conf.d/turn.boba.best
@@ -1,5 +1,6 @@
 # vim: ft=caddyfile

 turn.boba.best {
+    encode zstd gzip
    respond "where are you"
 }
--- a/conf.d/vault.boba.best
+++ b/conf.d/vault.boba.best
@@ -2,6 +2,7 @@

 vault.boba.best {
    encode zstd gzip
+    import hsts

    header {
        X-XSS-Protection "1; mode=block"