Skip to content

Instantly share code, notes, and snippets.

@obonyojimmy
Forked from SkYNewZ/Caddyfile
Created September 19, 2023 19:15
Show Gist options
  • Save obonyojimmy/fbbf918b6364579ee1462b050fe8ea96 to your computer and use it in GitHub Desktop.
Save obonyojimmy/fbbf918b6364579ee1462b050fe8ea96 to your computer and use it in GitHub Desktop.
Example Caddyfile for using as load balancer
{
# Enable Debug mode
debug
# Disable admin API
admin off
}
localhost {
# https://caddyserver.com/docs/caddyfile/directives/push
push
# https://caddyserver.com/docs/caddyfile/directives/encode
encode zstd gzip
# https://caddyserver.com/docs/caddyfile/directives/metrics
metrics /metrics
# https://caddyserver.com/docs/caddyfile/directives/header
header {
# Hide "Server: Caddy"
-Server
# prevent attacks such as Cross Site Scripting (XSS)
Content-Security-Policy default-src 'self' *.cloud.skynewz.dev
# enable the cross-site scripting (XSS) filter built into modern web browsers
X-XSS-Protection 1; mode=block
# ensures the connection cannot be establish through an insecure HTTP connection
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
# clickjacking protection
X-Frame-Options DENY
# provides clickjacking protection. Disable iframes
X-Frame-Options: SAMEORIGIN
# disable clients from sniffing the media type
X-Content-Type-Options nosniff
# keep referrer data off of HTTP connections
Referrer-Policy no-referrer-when-downgrade
}
# https://caddyserver.com/docs/caddyfile/directives/respond
# Replace backends health checks and provide one for this LB
respond /health 200
# https://caddyserver.com/docs/caddyfile/directives/tls
# tls quentin@lemairepro.fr {
# dns gandi {env.GANDI_API_TOKEN}
# # Remove this line to enable Let's Encrypt production certificate
# ca https://acme-staging-v02.api.letsencrypt.org/directory
# }
# https://caddyserver.com/docs/caddyfile/directives/log
log {
output stdout
format console
}
# https://caddyserver.com/docs/caddyfile/directives/reverse_proxy
reverse_proxy * {
# Specify backend here
to 127.0.0.1:8001
to 127.0.0.1:8002
to 127.0.0.1:8003
lb_policy round_robin
lb_try_duration 1s
lb_try_interval 250ms
health_path /health # Backend health check path
# health_port 80 # Default same as backend port
health_interval 10s
health_timeout 2s
health_status 200
}
}
version: "3.8"
services:
whoami1:
container_name: whoami1
hostname: whoami1
image: traefik/whoami
ports:
- 8001:80
whoami2:
container_name: whoami2
hostname: whoami2
image: traefik/whoami
ports:
- 8002:80
whoami3:
container_name: whoami3
hostname: whoami3
image: traefik/whoami
ports:
- 8003:80
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment