- Created example-shared-components.html to demonstrate TypeScript-based shared header and footer components. - Added original-style.css for theming with CSS variables and dark mode support. - Introduced style-backup.css for legacy styles. - Developed test-refactored.html for testing map components with Leaflet integration. - Updated deployment documentation to reflect changes in log file paths and service names. - Renamed project from "great-lakes-ice-report" to "icewatch" in package.json and package-lock.json. - Updated Caddyfile for new log file path. - Added S3 bucket policy for public read access to greatlakes-conditions. - Removed old service file and created new systemd service for icewatch.
Caddyfile
# Great Lakes Ice Report Caddy Configuration
# Using subdomain on existing puremichigan.lol domain
#
# This configuration automatically:
# - Obtains SSL certificates from Let's Encrypt
# - Redirects HTTP to HTTPS
# - Serves on ports 80 and 443

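# Main site configuration
ice.puremichigan.lol {
	# Automatic HTTPS (default behavior for a hostname site address).
	# Caddy automatically:
	# - Listens on :80 and :443
	# - Redirects HTTP to HTTPS
	# - Gets SSL cert from Let's Encrypt

	# Reverse proxy to the Node.js app listening on loopback port 3000.
	reverse_proxy localhost:3000 {
		# Active health check: probe the upstream every 30s with a 5s timeout.
		# NOTE(review): /api/locations is an application endpoint (it is also
		# the rate-limited submission path below); a dedicated lightweight
		# health route would keep the probe independent of that handler.
		# Confirm whether the app offers one.
		health_uri /api/locations
		health_interval 30s
		health_timeout 5s
	}

	# Security headers for Great Lakes Ice Report
	header {
		# HSTS: force HTTPS for 1 year, for this host and its subdomains.
		# NOTE(review): "preload" only takes effect for a domain submitted to
		# the browser preload list, which is done for the registrable domain
		# (puremichigan.lol), not for a subdomain such as this one. Here the
		# token appears to be inert; confirm the intent.
		Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

		# Prevent clickjacking
		X-Frame-Options DENY

		# Prevent content type sniffing
		X-Content-Type-Options nosniff

		# The legacy XSS auditor has been removed from current browsers, and
		# in older ones "1; mode=block" introduced its own information-leak
		# problems. "0" turns the auditor off explicitly; XSS defence is the
		# job of the Content-Security-Policy below.
		X-XSS-Protection "0"

		# Referrer policy
		Referrer-Policy strict-origin-when-cross-origin

		# Content Security Policy
		# NOTE(review): 'unsafe-inline' in script-src allows injected inline
		# script to run, so this policy gives little XSS protection until
		# inline scripts are moved to files or covered by nonces/hashes.
		# The bare unpkg.com source admits any file that CDN serves; narrow
		# it to the package paths actually loaded where possible.
		# frame-ancestors 'none' is the CSP counterpart of the
		# X-Frame-Options DENY header above (it does not fall back to
		# default-src, so it has to be listed explicitly).
		Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' unpkg.com api.mapbox.com; style-src 'self' 'unsafe-inline' unpkg.com; img-src 'self' data: *.tile.openstreetmap.org unpkg.com; connect-src 'self' api.mapbox.com nominatim.openstreetmap.org; frame-ancestors 'none'"
	}

	# Gzip compression (zstd is offered as well)
	encode gzip zstd

	# Access logging for monitoring: JSON lines, rotated at 100MB, 5 files kept.
	log {
		output file /var/log/caddy/icewatch.log {
			roll_size 100MB
			roll_keep 5
		}
		format json
	}

	# Rate limiting for API endpoints (requires caddy-ratelimit plugin)
	# NOTE(review): rate_limit is not a built-in directive, so stock Caddy has
	# no position for it in the handler order. The config needs a global
	# `order rate_limit before reverse_proxy` option or an enclosing `route`
	# block, otherwise it is expected to fail to load. Check the subdirective
	# names used below against the installed plugin's documentation and run
	# `caddy validate` on this file before deploying.
	# NOTE(review): {remote_host} is the address of the directly connected
	# peer. If a CDN or load balancer is ever placed in front of Caddy, all
	# clients will share one bucket unless the key is changed.

	# General API rate limiting: 30 requests per minute
	@api path /api/*
	rate_limit @api {
		key {remote_host}
		rate 30
		window 1m
	}

	# Submission rate limiting: 5 requests per minute
	# POST /api/locations also matches @api above; how the two limits combine
	# depends on the plugin. Verify that the stricter limit is the one enforced.
	@submit {
		path /api/locations
		method POST
	}
	rate_limit @submit {
		key {remote_host}
		rate 5
		window 1m
	}
}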
# Redirect-only hosts. Each one answers with a permanent redirect to the
# canonical https://ice.puremichigan.lol origin and keeps the request URI.
# These blocks contain no `header` directive, so none of the security headers
# configured on the main site are set here.

# HTTPS requests for the www name (in case someone tries it).
# NOTE(review): Caddy will request a certificate for this name too, which
# presumably needs a DNS record for www.ice.puremichigan.lol. Confirm it exists.
www.ice.puremichigan.lol {
	redir https://ice.puremichigan.lol{uri} permanent
}

# Plain-HTTP requests for either name. Caddy's automatic HTTPS already
# redirects HTTP for the sites above; this is spelled out for clarity only.
http://ice.puremichigan.lol, http://www.ice.puremichigan.lol {
	redir https://ice.puremichigan.lol{uri} permanent
}