ice/scripts/Caddyfile
Deco Vander d9559f71fe Update HTML files to use Bunny.net CDN for static assets
- Updated all static asset URLs to use iceymi.b-cdn.net CDN
- Changed favicon, CSS, and JS file references in index.html, admin.html, and privacy.html
- API calls remain pointed to origin server for dynamic content
- Ready for CDN deployment with proper cache separation
2025-07-03 20:44:16 -04:00


# Great Lakes Ice Report Caddy Configuration
# Using subdomain on existing puremichigan.lol domain
#
# This configuration automatically:
# - Obtains SSL certificates from Let's Encrypt
# - Redirects HTTP to HTTPS
# - Serves on ports 80 and 443
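# Main site configuration
ice.puremichigan.lol {
	# Automatic HTTPS (default behavior): Caddy listens on :80 and :443,
	# redirects HTTP to HTTPS and obtains the certificate from Let's Encrypt.

	# Reverse proxy to the Node.js app on the loopback interface.
	reverse_proxy localhost:3000 {
		# Active health check against a real API route. These probes are sent
		# by the proxy module straight to the upstream, so they do not pass
		# through the rate-limit matchers below.
		health_uri /api/locations
		health_interval 30s
		health_timeout 5s
	}

	# Security headers for Great Lakes Ice Report
	header {
		# Enable HSTS (force HTTPS for 1 year).
		# NOTE(review): `preload` only takes effect once the registrable domain
		# (puremichigan.lol) is submitted to the browser preload list; confirm
		# that submission exists, otherwise the token is inert.
		Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
		# Prevent clickjacking (legacy header; CSP frame-ancestors below is the
		# modern control, both are kept for older browsers).
		X-Frame-Options DENY
		# Prevent content type sniffing
		X-Content-Type-Options nosniff
		# The legacy XSS auditor has been removed from current browsers and its
		# blocking mode was itself abused as a side channel; "0" disables it
		# explicitly. CSP below is the real XSS control.
		X-XSS-Protection "0"
		# Referrer policy
		Referrer-Policy strict-origin-when-cross-origin
		# Content Security Policy.
		# - iceymi.b-cdn.net is the Bunny.net CDN the HTML now loads its
		#   favicon, CSS and JS from; without it in script-src/style-src/img-src
		#   the browser blocks those assets.
		# - 'unsafe-inline' in script-src largely defeats CSP as an XSS control;
		#   kept because the pages rely on inline scripts — move them to files
		#   or nonces when possible.
		# - base-uri and frame-ancestors do not fall back to default-src, so
		#   they are set explicitly; object-src 'none' tightens the 'self'
		#   fallback since no plugins are served.
		Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' iceymi.b-cdn.net unpkg.com api.mapbox.com; style-src 'self' 'unsafe-inline' iceymi.b-cdn.net unpkg.com; img-src 'self' data: iceymi.b-cdn.net *.tile.openstreetmap.org unpkg.com; connect-src 'self' api.mapbox.com nominatim.openstreetmap.org; object-src 'none'; base-uri 'self'; frame-ancestors 'none'"
		# Do not advertise the server software in responses.
		-Server
	}

	# Gzip/zstd compression
	encode gzip zstd

	# Logging for monitoring (JSON, rotated at 100MB, 5 files kept)
	log {
		output file /var/log/caddy/great-lakes-ice-report.log {
			roll_size 100MB
			roll_keep 5
		}
		format json
	}

	# Rate limiting for API endpoints (requires caddy-ratelimit plugin).
	# NOTE(review): rate_limit is a plugin directive with no position in
	# Caddy's default directive order; unless an `order rate_limit before ...`
	# global option exists outside this file, Caddy will reject the config.
	# NOTE(review): the `rate`/`window` form below does not match the
	# zone/events syntax of the mholt/caddy-ratelimit plugin — confirm against
	# the docs of the plugin actually compiled in.
	# NOTE(review): {remote_host} is the TCP peer address. That is the client
	# only while Caddy is the internet-facing edge; if the CDN or another proxy
	# is ever placed in front of the origin, every request would share one key
	# and `trusted_proxies` plus a client-IP placeholder are needed instead.

	# General API rate limiting: 30 requests per minute
	@api path /api/*
	rate_limit @api {
		key {remote_host}
		rate 30
		window 1m
	}

	# Submission rate limiting: 5 requests per minute
	@submit {
		path /api/locations
		method POST
	}
	rate_limit @submit {
		key {remote_host}
		rate 5
		window 1m
	}
}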
# Redirect www subdomain (if someone tries it); 301 == permanent
www.ice.puremichigan.lol {
	redir https://ice.puremichigan.lol{uri} 301
}
# HTTP redirect (explicit, though Caddy does this automatically)
# This is just for clarity; both plain-HTTP hosts share one site block
# and issue the same permanent (301) redirect to the canonical HTTPS host.
http://ice.puremichigan.lol, http://www.ice.puremichigan.lol {
	redir https://ice.puremichigan.lol{uri} 301
}