Created
May 7, 2018 02:49
-
-
Save douglasmiranda/b49471062f5363190bd7dd4499e48bf4 to your computer and use it in GitHub Desktop.
Caddy config for Django
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# https://github.com/douglasmiranda/dockerfiles/tree/master/caddy | |
# https://caddy.community/t/caddy-as-a-proxy-for-django/2164/2 | |
www.{$DOMAIN_NAME} { | |
redir https://example.com | |
} | |
{$DOMAIN_NAME} { | |
proxy / django:5000 { | |
header_upstream Host {host} | |
header_upstream X-Real-IP {remote} | |
header_upstream X-Forwarded-Proto {scheme} | |
} | |
header / { | |
# Don't show Caddy/Gunicorn as server header. | |
-Server | |
# Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS (do not use if only testing) | |
# Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" | |
# Only send Referer header to same origin. | |
# Django CSRF protection is incompatible with referrer policy set to none. | |
Referrer-Policy "same-origin" | |
# Enable cross-site filter (XSS) and tell browser to block detected attacks. | |
X-XSS-Protection "1; mode=block" | |
# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type | |
X-Content-Type-Options "nosniff" | |
# Enable a strict content security policy. | |
# Edit this if you need external sources on your site. | |
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP | |
Content-Security-Policy "connect-src 'self'; default-src 'none'; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src data: 'self'; object-src 'self'; style-src 'self'; script-src 'self';" | |
# Don't allow resources to load within a frame/iframe. | |
# This is handled with frame-ancestors 'none' in the content security policy. But not yet supported by older browsers. | |
X-Frame-Options "DENY" | |
} | |
log stdout | |
errors stdout | |
gzip | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment