31 lines
704 B
Django/Jinja
31 lines
704 B
Django/Jinja
{{ ansible_managed | comment }}
|
|
|
|
{{ mastodon_domain }} {
|
|
encode gzip
|
|
|
|
header {
|
|
# enable HSTS
|
|
Strict-Transport-Security "max-age=31536000; preload;"
|
|
|
|
# disable clients from sniffing the media type
|
|
X-Content-Type-Options nosniff
|
|
|
|
# clickjacking protection
|
|
X-Frame-Options DENY
|
|
|
|
# keep referrer data off of HTTP connections
|
|
Referrer-Policy no-referrer-when-downgrade
|
|
|
|
# Server name removing
|
|
-Server
|
|
}
|
|
|
|
# TODO: Move to own caddy file
|
|
route /.well-known/matrix* {
|
|
reverse_proxy https://matrix.flausch.social {
|
|
header_up -Host
|
|
}
|
|
}
|
|
|
|
reverse_proxy caddy-mastodon-nginx:8080
|
|
}
|