[mod] vault
This commit is contained in:
parent
0a96279ecc
commit
843e87dc1e
10 changed files with 103 additions and 38 deletions
56
vaultwarden/Caddyfile
Normal file
56
vaultwarden/Caddyfile
Normal file
|
|
@ -0,0 +1,56 @@
|
|||
{$DOMAIN}:443 {
|
||||
|
||||
log {
|
||||
level INFO
|
||||
|
||||
output file {$LOG_FILE} {
|
||||
|
||||
roll_size 10MB
|
||||
|
||||
roll_keep 10
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
# Get a cert by using the ACME HTTP-01 challenge.
|
||||
|
||||
tls {$EMAIL}
|
||||
encode gzip
|
||||
|
||||
# Headers to improve security.
|
||||
|
||||
header {
|
||||
|
||||
# Enable HSTS
|
||||
|
||||
Strict-Transport-Security "max-age=31536000;"
|
||||
|
||||
# Enable cross-site filter (XSS)
|
||||
|
||||
X-XSS-Protection "1; mode=block"
|
||||
|
||||
# Disallow the site to be rendered within a frame (clickjacking protection)
|
||||
|
||||
X-Frame-Options "DENY"
|
||||
|
||||
# Prevent search engines from indexing
|
||||
|
||||
X-Robots-Tag "none"
|
||||
|
||||
# Remove Caddy branding
|
||||
|
||||
-Server
|
||||
|
||||
}
|
||||
|
||||
# Redirect notifications to the WebSocket.
|
||||
|
||||
reverse_proxy /notifications/hub vaultwarden:3012
|
||||
|
||||
reverse_proxy vaultwarden:80 {
|
||||
|
||||
header_up X-Real-IP {remote_host}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue