From 72a75b58dc3836cff2cba52cd93b93c55ff21fe7 Mon Sep 17 00:00:00 2001
From: Edwin Lyon <edwin@noreply.git.technerdonline.com>
Date: Thu, 24 Feb 2022 21:48:42 -0800
Subject: [PATCH] Add 'Caddyfile'

---
 Caddyfile | 258 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 258 insertions(+)
 create mode 100644 Caddyfile

diff --git a/Caddyfile b/Caddyfile
new file mode 100644
index 0000000..3ad02f1
--- /dev/null
+++ b/Caddyfile
@@ -0,0 +1,258 @@
+{
+        admin off
+}
+
+www.allthingsbytes.com allthingsbytes.com {
+        tls /var/lib/caddy/ssl/allthingsbytes.pem /var/lib/caddy/ssl/allthingsbytes-key.pem {
+                protocols tls1.2 tls1.3
+                ciphers TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+                client_auth {
+                        mode require_and_verify
+                        trusted_ca_cert_file /var/lib/caddy/cloudflare-mtls.crt
+                }
+        }
+        redir * https://technerdonline.com{uri}
+}
+
+www.allyourbytearebelongtous.com allyourbytearebelongtous.com {
+        tls /var/lib/caddy/ssl/allyourbytearebelongtous.pem /var/lib/caddy/ssl/allyourbytearebelongtous-key.pem {
+                protocols tls1.2 tls1.3
+                ciphers TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+                client_auth {
+                        mode require_and_verify
+                        trusted_ca_cert_file /var/lib/caddy/cloudflare-mtls.crt
+                }
+        }
+        redir * https://technerdonline.com{uri}
+}
+
+www.technerdonline.net technerdonline.net {
+        tls /var/lib/caddy/ssl/cert-net.pem /var/lib/caddy/ssl/cert-net-key.pem {
+                protocols tls1.2 tls1.3
+                ciphers TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+                client_auth {
+                        mode require_and_verify
+                        trusted_ca_cert_file /var/lib/caddy/cloudflare-mtls.crt
+                }
+        }
+        redir * https://technerdonline.com{uri}
+}
+
+www.technerdonline.com {
+        tls /var/lib/caddy/ssl/cert.pem /var/lib/caddy/ssl/key.pem {
+                protocols tls1.2 tls1.3
+                ciphers TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+                client_auth {
+                        mode require_and_verify
+                        trusted_ca_cert_file /var/lib/caddy/cloudflare-mtls.crt
+                }
+        }
+        @www host www.technerdonline.com
+        redir @www https://technerdonline.com{uri}
+}
+
+technerdonline.com {
+        log {
+                output file /var/log/caddy/access.log {
+                        roll true # Rotate logs, enabled by default
+                        roll_size_mb 5 # Set max size 5 MB
+                        roll_gzip true # Whether to compress rolled files
+                        roll_local_time true # Use localhost time
+                        roll_keep 2 # Keep at most 2 log files
+                        roll_keep_days 7 # Keep log files for 7 days
+                }
+        }
+
+        tls /var/lib/caddy/ssl/cert.pem /var/lib/caddy/ssl/key.pem {
+                protocols tls1.2 tls1.3
+                ciphers TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+                client_auth {
+                        mode require_and_verify
+                        trusted_ca_cert_file /var/lib/caddy/cloudflare-mtls.crt
+                }
+        }
+        @http {
+                protocol http
+        }
+        redir @http https://technerdonline.com{uri} permanent
+
+        @static {
+                file
+                path *.ico *.css *.js *.gif *.jpg *.jpeg *.png *.svg *.woff
+        }
+        header @static {
+                Cache-Control "public, max-age=2592000"
+                defer
+        }
+
+        @notstatic {
+                file
+                not path *.ico *.css *.js *.gif *.jpg *.jpeg *.png *.svg *.woff
+        }
+        header @notstatic {
+                Cache-Control "no-cache, no-store"
+                Pragma "no-cache"
+        }
+
+        header {
+                Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+                X-XSS-Protection "1; mode=block"
+                X-Content-Type-Options "nosniff"
+                X-Frame-Options "SAMEORIGIN"
+                Feature-Policy "accelerometer 'none';ambient-light-sensor 'none'; autoplay 'none';camera 'none';encrypted-media 'none';focus-without-user-activation 'none'; geolocation 'none';gyroscope 'none';magnetometer 'none';microphone 'none';midi 'none';payment 'none';picture-in-picture 'self'; speaker 'none';sync-xhr 'none';usb 'none';vr 'none';"
+                Referrer-Policy "no-referrer"
+                Content-Security-Policy "upgrade-insecure-requests"
+                Expect-CT "max-age=604800"
+                -Server
+        }
+
+        handle {
+                encode zstd gzip
+                root * /usr/share/caddy/public
+                try_files {path} {path}/index.html
+                file_server
+        }
+
+        handle_errors {
+                rewrite * /{http.error.status_code}.html
+                file_server
+        }
+}
+
+git.technerdonline.com {
+        log {
+                output file /var/log/caddy/access.log {
+                        roll true # Rotate logs, enabled by default
+                        roll_size_mb 5 # Set max size 5 MB
+                        roll_gzip true # Whether to compress rolled files
+                        roll_local_time true # Use localhost time
+                        roll_keep 2 # Keep at most 2 log files
+                        roll_keep_days 7 # Keep log files for 7 days
+                }
+        }
+
+        tls /var/lib/caddy/ssl/cert.pem /var/lib/caddy/ssl/key.pem {
+                protocols tls1.2 tls1.3
+                ciphers TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+                client_auth {
+                        mode require_and_verify
+                        trusted_ca_cert_file /var/lib/caddy/cloudflare-mtls.crt
+                }
+        }
+        @http {
+                protocol http
+        }
+        redir @http https://git.technerdonline.com{uri}
+
+        header {
+                Strict-Transport-Security "max-age=31536000; includeSubDomains"
+                X-XSS-Protection "1; mode=block"
+                X-Content-Type-Options "nosniff"
+                X-Frame-Options "SAMEORIGIN"
+                Feature-Policy "accelerometer 'none';ambient-light-sensor 'none'; autoplay 'none';camera 'none';encrypted-media 'none';focus-without-user-activation 'none'; geolocation 'none';gyroscope 'none';magnetometer 'none';microphone 'none';midi 'none';payment 'none';picture-in-picture 'self'; speaker 'none';sync-xhr 'none';usb 'none';vr 'none';"
+                Referrer-Policy "no-referrer"
+                Content-Security-Policy "upgrade-insecure-requests"
+                Expect-CT "max-age=604800"
+                -Server
+        }
+
+        handle {
+                encode zstd gzip
+
+                reverse_proxy localhost:3000 {
+                        header_up Host {host}
+                        #header_up X-Real-IP {CF-Connecting-IP}
+                        #header_up X-Forwarded-For {CF-Connecting-IP}
+                        header_up X-Forwarded-Port {http.request.port}
+                        header_up X-Forwarded-Proto {http.request.scheme}
+                        header_up X-Forwarded-TlsProto {tls_protocol}
+                        header_up X-Forwarded-TlsCipher {tls_cipher}
+                        header_up X-Forwarded-HttpsProto {proto}
+                }
+        }
+}
+
+element.technerdonline.com {
+        log {
+                output file /var/log/caddy/access.log {
+                        roll true # Rotate logs, enabled by default
+                        roll_size_mb 5 # Set max size 5 MB
+                        roll_gzip true # Whether to compress rolled files
+                        roll_local_time true # Use localhost time
+                        roll_keep 2 # Keep at most 2 log files
+                        roll_keep_days 7 # Keep log files for 7 days
+                }
+        }
+
+        tls /var/lib/caddy/ssl/cert.pem /var/lib/caddy/ssl/key.pem {
+                protocols tls1.2 tls1.3
+                ciphers TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+                client_auth {
+                        mode require_and_verify
+                        trusted_ca_cert_file /var/lib/caddy/cloudflare-mtls.crt
+                }
+        }
+        @http {
+                protocol http
+        }
+        redir @http https://element.technerdonline.com{uri}
+
+        @static {
+                not path /config.*.json
+                not path /i18n
+                not path /home
+                not path /sites
+                not path /index.html
+        }
+        header @static {
+                Cache-Control "public, max-age=2592000"
+                defer
+        }
+
+        @notstatic {
+                path /config.*.json
+                path /i18n
+                path /home
+                path /sites
+                path /index.html
+        }
+        header @notstatic {
+                Cache-Control "no-cache, no-store"
+                X-Robots-Tag "noindex, noarchive, nofollow"
+                Pragma "no-cache"
+        }
+
+        @blocked {
+                path /media/customer/* /media/downloadable/* /media/import/* /media/custom_options/* /errors/*
+        }
+        respond @blocked 403
+
+        @notfound {
+                path_regexp reg_notfound \/\..*$|\/errors\/.*\.xml$|theme_customization\/.*\.xml
+        }
+        respond @notfound 404
+
+        header {
+                Strict-Transport-Security "max-age=31536000; includeSubDomains"
+                X-XSS-Protection "1; mode=block"
+                X-Content-Type-Options "nosniff"
+                X-Frame-Options "SAMEORIGIN"
+                Feature-Policy "accelerometer 'none';ambient-light-sensor 'none'; autoplay 'none';camera 'self';encrypted-media 'self';focus-without-user-activation 'none'; geolocation 'none';gyroscope 'none';magnetometer 'none';microphone 'self';midi 'none';payment 'none';picture-in-picture 'self'; speaker 'self';sync-xhr 'none';usb 'none';vr 'none';"
+                Referrer-Policy "no-referrer"
+                Content-Security-Policy "upgrade-insecure-requests"
+                Expect-CT "max-age=604800"
+                -Server
+        }
+
+        handle {
+                encode zstd gzip
+                root * /usr/share/caddy/element
+                try_files {path} {path}/index.html
+                file_server
+        }
+
+        handle_errors {
+                rewrite * /{http.error.status_code}.html
+                file_server
+        }
+}
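Review bot: The `reverse_proxy localhost:3000` block in the git.technerdonline.com site leaves the upstream without the visitor's address: the two `X-Real-IP`/`X-Forwarded-For` lines are commented out and use `{CF-Connecting-IP}`, which is not a Caddy placeholder, so the backend only receives Caddy's default X-Forwarded-For holding the connecting proxy's address, and its own logs, rate limits and bans will be attributed to that address instead of the client. Since `client_auth` in every site accepts only certificates chaining to `/var/lib/caddy/cloudflare-mtls.crt`, requests presumably arrive only through that proxy and its `CF-Connecting-IP` header can be relayed; replace the two commented lines with `header_up X-Real-IP {http.request.header.CF-Connecting-IP}` and `header_up X-Forwarded-For {http.request.header.CF-Connecting-IP}`. The same attribution gap applies to the three `log` blocks, whose remote_ip field will record the proxy's address, which deserves a comment on each such as `# remote_ip is the mTLS proxy's address; the visitor's IP is in the CF-Connecting-IP request header`. Separately, `Feature-Policy`, `X-XSS-Protection` and `Expect-CT` in the three `header` blocks are deprecated headers (`Permissions-Policy` is the current replacement for the first), and the near-identical `tls`, `log` and `header` blocks would stay consistent more easily as Caddyfile snippets imported into each site.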