{{ vhost_url }} { header / { # Enable HTTP Strict Transport Security (HSTS) to force clients to always # connect via HTTPS (do not use if only testing) Strict-Transport-Security "max-age=31536000;" # Enable cross-site filter (XSS) and tell browser to block detected attacks X-XSS-Protection "1; mode=block" # Prevent some browsers from MIME-sniffing a response away from the declared Content-Type X-Content-Type-Options "nosniff" # Disallow the site to be rendered within a frame (clickjacking protection) X-Frame-Options "DENY" } proxy / http://{{ reverse_location }}:{{ reverse_port }} { {% if rootws %} websocket {% endif %} transparent } {% if websocket %} proxy {{ websocket_path }} http://{{ websocket_location }}:{{ websocket_port }} { websocket } {% endif %} {% if proxy_rule %} proxy {{ proxy_path }} http://{{ proxy_location }}:{{ proxy_port }} { transparent } {% endif %} log {{ caddy_logs }}/{{ vhost_name }}/access.log { rotate_size 100 rotate_age 30 rotate_keep 10 } errors {{ caddy_logs }}/{{ vhost_name }}/errors.log { rotate_size 100 rotate_age 30 rotate_keep 10 } }