cvan/Caddyfile

## Caddyfile
# generated 2023-10-04, Mozilla Guideline v5.7, Caddy 2.1.1, intermediate configuration
# https://ssl-config.mozilla.org/#server=caddy&version=2.1.1&config=intermediate&guideline=5.7
# note that Caddy automatically configures safe TLS settings

# replace example.com with your domain name
example.com

# Due to a lack of DHE support, you -must- use an ECDSA cert to support IE 11 on Windows 7
tls {
    protocols tls1.2 tls1.3
    ciphers TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
}

# HSTS (63072000 seconds)
header / Strict-Transport-Security "max-age=63072000"
	# generated 2023-10-04, Mozilla Guideline v5.7, Caddy 2.1.1, intermediate configuration
	# https://ssl-config.mozilla.org/#server=caddy&version=2.1.1&config=intermediate&guideline=5.7
	# note that Caddy automatically configures safe TLS settings

	# replace example.com with your domain name
	example.com

	# Due to a lack of DHE support, you -must- use an ECDSA cert to support IE 11 on Windows 7
	tls {
	protocols tls1.2 tls1.3
	ciphers TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
	}

	# HSTS (63072000 seconds)
	header / Strict-Transport-Security "max-age=63072000"