lostecho/ansible_management
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1d7f6cc8fcce2b9f9efad28906d2241c1d5f5c60
ansible_management/files/154.204.181.192/Caddyfile
YuanHui 1d7f6cc8fc Initial commit
2025-07-11 15:48:18 +08:00

176 lines
3.7 KiB
Caddyfile
Raw Blame History

# The Caddyfile is an easy way to configure your Caddy web server.
#
# Unless the file starts with a global options block, the first
# uncommented line is always the address of your site.
#
# To use your own domain name (with automatic HTTPS), first make
# sure your domain's A/AAAA DNS records are properly pointed to
# this machine's public IP, then replace ":80" below with your
# domain name.
#:80 {
# # Set this path to your site's directory.
# root * /usr/share/caddy
#
# # Enable the static file server.
# file_server
#
# # Another common task is to set up a reverse proxy:
# # reverse_proxy localhost:8080
#
# # Or serve a PHP site through php-fpm:
# # php_fastcgi localhost:9000
#}
# Refer to the Caddy docs for more information:
# https://caddyserver.com/docs/caddyfile
# ------------------------------
# simpla.dev Services
# ------------------------------
# 定义一个名为 (securityHeaders) 的可重用代码片段
(securityHeaders) {
header {
# Strict-Transport-Security (HSTS)
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# X-Frame-Options
X-Frame-Options "SAMEORIGIN"
# X-Content-Type-Options
X-Content-Type-Options "nosniff"
# Referrer-Policy
Referrer-Policy "strict-origin-when-cross-origin"
# Permissions-Policy
Permissions-Policy "camera=(), microphone=(), geolocation=()"
# Content-Security-Policy (CSP) - 通用起点
Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests;"
# 移除 Server 标识
-Server
}
}
simpla.dev {
# 设置网站根目录
root * /srv/simpla.dev
# 开启文件服务
file_server
import securityHeaders
}
hugo.simpla.dev {
reverse_proxy http://127.0.0.1:1313
# import securityHeaders
}
daed.simpla.dev {
reverse_proxy http://127.0.0.1:2023
import securityHeaders
}
gitea.simpla.dev {
reverse_proxy http://127.0.0.1:3000
import securityHeaders
}
lobe.simpla.dev {
reverse_proxy http://127.0.0.1:3210
# import securityHeaders
}
fndav.simpla.dev {
reverse_proxy http://127.0.0.1:5005
# import securityHeaders
}
openlist.simpla.dev {
reverse_proxy http://127.0.0.1:5244
# import securityHeaders
}
fnos.simpla.dev {
reverse_proxy http://127.0.0.1:5666
# import securityHeaders
}
frps.simpla.dev {
reverse_proxy http://127.0.0.1:7001
import securityHeaders
}
frpc.simpla.dev {
reverse_proxy http://127.0.0.1:7400
import securityHeaders
}
pve.simpla.dev {
handle {
reverse_proxy https://127.0.0.1:8006 {
transport http {
tls_insecure_skip_verify
}
header_up Host {http.reverse_proxy.host}
header_up X-Forwarded-Host {host}
}
# import securityHeaders
}
}
kubepi.simpla.dev {
reverse_proxy http://127.0.0.1:8090
import securityHeaders
}
ddns.simpla.dev {
reverse_proxy http://127.0.0.1:9876
import securityHeaders
}
dify.simpla.dev {
reverse_proxy http://127.0.0.1:10080
import securityHeaders
}
1panel.simpla.dev {
reverse_proxy http://127.0.0.1:21643
import securityHeaders
}
gotify.simpla.dev {
reverse_proxy http://127.0.0.1:40266
import securityHeaders
}
b.simpla.dev {
# 将所有收到的请求转发到目标网站
reverse_proxy https://b.watch {
# (可选) 修改发送到目标服务器的 Host 请求头
header_up Host {http.reverse_proxy.upstream.hostport}
}
}
# ------------------------------
# k3s Services
# ------------------------------
argocd.simpla.dev {
reverse_proxy http://127.0.0.1:20180
import securityHeaders
}
markword.simpla.dev {
reverse_proxy http://127.0.0.1:20180
import securityHeaders
}
n8n.simpla.dev {
reverse_proxy http://127.0.0.1:20180
import securityHeaders
}
Reference in New Issue View Git Blame Copy Permalink