# The Caddyfile is an easy way to configure your Caddy web server. # # Unless the file starts with a global options block, the first # uncommented line is always the address of your site. # # To use your own domain name (with automatic HTTPS), first make # sure your domain's A/AAAA DNS records are properly pointed to # this machine's public IP, then replace ":80" below with your # domain name. #:80 { # # Set this path to your site's directory. # root * /usr/share/caddy # # # Enable the static file server. # file_server # # # Another common task is to set up a reverse proxy: # # reverse_proxy localhost:8080 # # # Or serve a PHP site through php-fpm: # # php_fastcgi localhost:9000 #} # Refer to the Caddy docs for more information: # https://caddyserver.com/docs/caddyfile # ------------------------------ # simpla.dev Services # ------------------------------ # 定义一个名为 (securityHeaders) 的可重用代码片段 (securityHeaders) { header { # Strict-Transport-Security (HSTS) Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" # X-Frame-Options X-Frame-Options "SAMEORIGIN" # X-Content-Type-Options X-Content-Type-Options "nosniff" # Referrer-Policy Referrer-Policy "strict-origin-when-cross-origin" # Permissions-Policy Permissions-Policy "camera=(), microphone=(), geolocation=()" # Content-Security-Policy (CSP) - 通用起点 Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests;" # 移除 Server 标识 -Server } } simpla.dev { # 设置网站根目录 root * /srv/simpla.dev # 开启文件服务 file_server import securityHeaders } hugo.simpla.dev { reverse_proxy http://127.0.0.1:1313 # import securityHeaders } daed.simpla.dev { reverse_proxy http://127.0.0.1:2023 import securityHeaders } gitea.simpla.dev { reverse_proxy http://127.0.0.1:3000 import securityHeaders } lobe.simpla.dev { reverse_proxy http://127.0.0.1:3210 # import securityHeaders } fndav.simpla.dev { reverse_proxy http://127.0.0.1:5005 # import securityHeaders } openlist.simpla.dev { reverse_proxy http://127.0.0.1:5244 # import securityHeaders } fnos.simpla.dev { reverse_proxy http://127.0.0.1:5666 # import securityHeaders } frps.simpla.dev { reverse_proxy http://127.0.0.1:7001 import securityHeaders } frpc.simpla.dev { reverse_proxy http://127.0.0.1:7400 import securityHeaders } pve.simpla.dev { handle { reverse_proxy https://127.0.0.1:8006 { transport http { tls_insecure_skip_verify } header_up Host {http.reverse_proxy.host} header_up X-Forwarded-Host {host} } # import securityHeaders } } kubepi.simpla.dev { reverse_proxy http://127.0.0.1:8090 import securityHeaders } ddns.simpla.dev { reverse_proxy http://127.0.0.1:9876 import securityHeaders } dify.simpla.dev { reverse_proxy http://127.0.0.1:10080 import securityHeaders } 1panel.simpla.dev { reverse_proxy http://127.0.0.1:21643 import securityHeaders } gotify.simpla.dev { reverse_proxy http://127.0.0.1:40266 import securityHeaders } b.simpla.dev { # 将所有收到的请求转发到目标网站 reverse_proxy https://b.watch { # (可选) 修改发送到目标服务器的 Host 请求头 header_up Host {http.reverse_proxy.upstream.hostport} } } # ------------------------------ # k3s Services # ------------------------------ argocd.simpla.dev { reverse_proxy http://127.0.0.1:20180 import securityHeaders } markword.simpla.dev { reverse_proxy http://127.0.0.1:20180 import securityHeaders } n8n.simpla.dev { reverse_proxy http://127.0.0.1:20180 import securityHeaders }