ansol
/
matrix-docker-ansible-deploy
mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy.git
7
0
Fork 0
Code Issues Projects Releases Wiki Activity

added .well-known path to Caddy2 example, closes #1442

This commit is contained in:
Wm Salt Hale 2021-12-20 10:50:05 -08:00
parent a5e840f3d3
commit 06f3b813d6
1 changed files with 24 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
examples/caddy2/Caddyfile
View File

@ -27,6 +27,10 @@ matrix.DOMAIN.tld {
not path /matrix/static-files/* not path /matrix/static-files/*
} }
@wellknown {
path /.well-known/matrix/*
}
header { header {
# Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS # Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
@ -69,6 +73,15 @@ matrix.DOMAIN.tld {
} }
} }
handle @wellknown {
encode zstd gzip
root * /matrix/static-files
header Cache-Control max-age=14400
header Content-Type application/json
header Access-Control-Allow-Origin *
file_server
}
handle { handle {
encode zstd gzip encode zstd gzip
@ -102,17 +115,17 @@ element.DOMAIN.tld {
# tls your@email.com # tls your@email.com
header { header {
# Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS # Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# Enable cross-site filter (XSS) and tell browser to block detected attacks # Enable cross-site filter (XSS) and tell browser to block detected attacks
X-XSS-Protection "1; mode=block" X-XSS-Protection "1; mode=block"
# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type # Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
X-Content-Type-Options "nosniff" X-Content-Type-Options "nosniff"
# Disallow the site to be rendered within a frame (clickjacking protection) # Disallow the site to be rendered within a frame (clickjacking protection)
X-Frame-Options "DENY" X-Frame-Options "DENY"
# X-Robots-Tag # X-Robots-Tag
X-Robots-Tag "noindex, noarchive, nofollow" X-Robots-Tag "noindex, noarchive, nofollow"
} }
handle { handle {
encode zstd gzip encode zstd gzip