1
0
mirror of https://github.com/tommytran732/Vaultwarden-Docker-Compose synced 2024-11-09 18:31:33 -05:00
Vaultwarden-Docker-Compose/Caddyfile
Tommy 6e0ed8522a
Do not replace upstream permission policies
Signed-off-by: Tommy <contact@tommytran.io>
2023-08-29 05:20:28 -07:00

40 lines
1.3 KiB
Caddyfile

{$DOMAIN}:443 {
log {
level INFO
output file {$LOG_FILE} {
roll_size 10MB
roll_keep 10
}
}
# Use the ACME HTTP-01 challenge to get a cert for the configured domain.
tls {$EMAIL}
# This setting may have compatibility issues with some browsers
# (e.g., attachment downloading on Firefox). Try disabling this
# if you encounter issues.
encode gzip
# Uncomment if you want to block access to /admin
#@blocked {
# path /admin /admin/*
#}
#respond @blocked 403
# Notifications redirected to the WebSocket server
reverse_proxy /notifications/hub vaultwarden:3012
# Proxy everything else to Rocket
reverse_proxy vaultwarden:8080 {
# Send the true remote IP to Rocket, so that vaultwarden can put this in the
# log, so that fail2ban can ban the correct IP.
header_up X-Real-IP {remote_host}
header_down Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
header_down +Permissions-Policy "hid=(), idle-detection=(), interest-cohort=(), serial=()"
header_down +Content-Security-Policy "upgrade-insecure-requests; block-all-mixed-content; base-uri 'none'"
header_down X-XSS-Protection "0"
header_down Cross-Origin-Opener-Policy same-origin
header_down Cross-Origin-Resource-Policy : same-origin
}
}