logo

pleroma

My custom branche(s) on git.pleroma.social/pleroma/pleroma
commit: 7faed99450221bab4d34f4853f877c6011d6bf21
parent: d802903c15f52e548ce070f30c7be3e79e748558
Author: kaniini <nenolod@gmail.com>
Date:   Sun, 26 Aug 2018 20:16:46 +0000

Merge branch 'improve-example-caddyfile' into 'develop'

Improve example Caddyfile

See merge request pleroma/pleroma!296

Diffstat:

Minstallation/caddyfile-pleroma.example38+++++++++++++++++++++++++++++++++-----
1 file changed, 33 insertions(+), 5 deletions(-)

diff --git a/installation/caddyfile-pleroma.example b/installation/caddyfile-pleroma.example @@ -1,8 +1,32 @@ social.domain.tld { - tls user@domain.tld + log /var/log/caddy/pleroma_access.log + errors /var/log/caddy/pleroma_error.log - log /var/log/caddy/pleroma.log + gzip + proxy / localhost:4000 { + websocket + transparent + } + + tls user@domain.tld { + # Remove the rest of the lines in here, if you want to support older devices + key_type p256 + ciphers ECDHE-ECDSA-WITH-CHACHA20-POLY1305 ECDHE-RSA-WITH-CHACHA20-POLY1305 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 + } + + header / { + X-XSS-Protection "1; mode=block" + X-Frame-Options "DENY" + X-Content-Type-Options "nosniff" + Referrer-Policy "same-origin" + Strict-Transport-Security "max-age=31536000; includeSubDomains;" + Expect-CT "enforce, max-age=2592000" + } + + # If you do not want remote frontends to be able to access your Pleroma backend server, remove these lines. + # If you want to allow all origins access, remove the origin lines. + # To use this directive, you need the http.cors plugin for Caddy. cors / { origin https://halcyon.domain.tld origin https://pinafore.domain.tld @@ -10,9 +34,13 @@ social.domain.tld { allowed_headers Authorization,Content-Type,Idempotency-Key exposed_headers Link,X-RateLimit-Reset,X-RateLimit-Limit,X-RateLimit-Remaining,X-Request-Id } + # Stop removing lines here. - proxy / localhost:4000 { - websocket - transparent + # If you do not want to use the mediaproxy function, remove these lines. + # To use this directive, you need the http.cache plugin for Caddy. + cache { + match_path /proxy + default_max_age 720m } + # Stop removing lines here. }