privatecoffee-website/contrib/caddy/Caddyfile
Kumi 9c7283dffd
feat(Caddyfile): support security.txt redirection
Introduced handling for security.txt requests in the Caddyfile
configuration to redirect users to a dedicated security page. This
change enables visitors to easily find security policy and vulnerability
reporting information by redirecting requests for
`/.well-known/security.txt` and `/security.txt` to
`https://security.private.coffee/security.txt`. Implementing this
standard practice improves transparency and security posture by
facilitating clearer communication with security researchers and the
public.
2024-03-15 10:55:50 +01:00

41 lines
1.1 KiB
Caddyfile

private.coffee www.private.coffee {
header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
header Access-Control-Allow-Origin https://element.private.coffee
header Access-Control-Allow-Methods "GET"
header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range"
header Access-Control-Expose-Headers "Content-Length,Content-Range"
@matrix {
path matrix /.well-known/matrix/*
}
@assets {
path assets /assets/*
}
@security {
path security-well-known /.well-known/security.txt
path security /security.txt
}
handle @matrix {
header /.well-known/matrix/* Content-Type application/json
header /.well-known/matrix/* Access-Control-Allow-Origin *
respond /.well-known/matrix/server `{"m.server": "matrix.private.coffee:443"}`
respond /.well-known/matrix/client `{"m.homeserver":{"base_url":"https://matrix.private.coffee"}}`
}
handle @assets {
file_server
root * /srv/private.coffee
}
handle @security {
redir https://security.private.coffee/security.txt
}
handle {
reverse_proxy * unix//var/run/uwsgi/privatecoffee.sock
}
}