Commit

Update Caddyfile
Signed-off-by: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
ArchBlood authored Nov 12, 2024
1 parent 13b4bf5 commit 3a4e6e8
Showing 1 changed file with 66 additions and 2 deletions.
68 changes: 66 additions & 2 deletions Caddyfile
@@ -1,10 +1,74 @@
{
# Global options
auto_https off
admin off
auto_https off
servers {
protocol {
experimental_http3
}
}
}

# Main site configuration
:80 {
root * /app
php_server
php_server {
index index.php
}

# Security headers
header {
# Security headers
X-Frame-Options "SAMEORIGIN"
X-Content-Type-Options "nosniff"
X-XSS-Protection "1; mode=block"
Referrer-Policy "strict-origin-when-cross-origin"
Permissions-Policy "geolocation=(), microphone=(), camera=()"
# HSTS (uncomment if you're using HTTPS)
# Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

# Remove X-Powered-By header
-X-Powered-By
}

# Deny access to sensitive files
@sensitive {
path /.env
path /composer.json
path /composer.lock
path /package.json
path /package-lock.json
path /protected/*
path /uploads/file/*
path /.git/*
path /.github/*
path /vendor/*
path /node_modules/*
}
respond @sensitive 403

# Handle static files
handle_path /static/* {
root * /app/static
file_server
}

# Handle uploads with proper security
handle_path /uploads/* {
root * /app/uploads
file_server
}

# PHP handling
handle {
encode gzip
php_fastcgi unix//var/run/php-fpm.sock
file_server
}

# Logging
log {
output file /var/log/humhub/access.log
format json
}
}
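
Review bot: The `respond @sensitive 403` deny rule sits at the top level of the `:80` block next to `handle_path /static/*`, `handle_path /uploads/*` and a catch-all `handle`, and it may never take effect. Caddy sorts directives by its built-in order rather than by their position in the file, and in that order `handle` and `handle_path` are evaluated before `respond`. The catch-all `handle` ends in `file_server` with `root * /app`, so a request for `/.env` or `/composer.json` can be answered from there, and `/uploads/file/*` also matches `handle_path /uploads/*`, which serves straight from `/app/uploads`. Wrap the site's directives in a `route` block so the written order is kept, or move the deny into the handling blocks, then confirm with a request for `/.env` and one for a path under `/uploads/file/` that both return 403. Separately, the block carries both `php_server` and `php_fastcgi unix//var/run/php-fpm.sock`; keep only the one that matches how PHP is actually run in this image.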
