From a1ecaf54ef5de44e9d3cac37416612fae35653f9 Mon Sep 17 00:00:00 2001
From: 0hlov3 <0hlov3@protonmail.com>
Date: Tue, 29 Dec 2020 12:00:01 +0100
Subject: [PATCH 1/3] Adds Example for Caddy2 Jitsi

---
 ansible.cfg               |  2 +-
 examples/caddy2/Caddyfile | 63 +++++++++++++++++++++++++++++++++++++--
 examples/caddy2/README.md | 12 ++++++++
 3 files changed, 74 insertions(+), 3 deletions(-)
 create mode 100644 examples/caddy2/README.md

diff --git a/ansible.cfg b/ansible.cfg
index 0ae274f73..6c2838d39 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -1,5 +1,5 @@
 [defaults]
 retry_files_enabled = False
-
+ansible_python_interpreter=/usr/bin/python3
 [connection]
 pipelining = True
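Review bot: `ansible_python_interpreter` is an inventory or host variable rather than an ansible.cfg setting, so the line added under `[defaults]` is most likely ignored. The config-file form would be `interpreter_python = /usr/bin/python3`. The change is also unrelated to the Caddy example named in the subject, and it replaces the blank line that separated `[defaults]` from `[connection]`. Patch 2/3 reverts it, so dropping this hunk from 1/3 would keep the series clean.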
diff --git a/examples/caddy2/Caddyfile b/examples/caddy2/Caddyfile
index 1438a50b9..82728f962 100644
--- a/examples/caddy2/Caddyfile
+++ b/examples/caddy2/Caddyfile
@@ -1,4 +1,8 @@
 matrix.DOMAIN.tld {
+
+  # creates letsencrypt certificate
+  # tls your@email.com
+
   @identity {
         path /_matrix/identity/*
   }
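Review bot: The added comment `# creates letsencrypt certificate` misdescribes the `tls your@email.com` line beneath it. Caddy 2 obtains certificates automatically for a site address with a public hostname, and `tls <email>` only sets the ACME account contact, as the README added in this same patch says. A wording such as `# optional: ACME account email (certificates are issued automatically)` would avoid suggesting that HTTPS is off until the line is uncommented. The same comment is repeated in the dimension, element and jitsi hunks of this patch, and the added lines there mix tabs, spaces and trailing whitespace. The matrix.DOMAIN.tld block continues outside this hunk.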
@@ -94,7 +98,11 @@ matrix.DOMAIN.tld:8448 {
 }
 
 dimension.DOMAIN.tld {
-header {
+      
+      # creates letsencrypt certificate
+      # tls your@email.com
+      
+      header {
          	# Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
         	Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
         	# Enable cross-site filter (XSS) and tell browser to block detected attacks
@@ -121,7 +129,11 @@ header {
 }
 
 element.DOMAIN.tld {
- 	header {
+
+      # creates letsencrypt certificate
+      # tls your@email.com
+ 	
+      header {
          	# Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
         	Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
         	# Enable cross-site filter (XSS) and tell browser to block detected attacks
@@ -145,3 +157,50 @@ element.DOMAIN.tld {
                      header_up X-Forwarded-HttpsProto {proto}
         }
 }
+
+#jitsi.DOMAIN.tld {
+#  log {
+#        output discard
+#  }
+#  
+#  creates letsencrypt certificate
+#  tls your@email.com
+#
+#  header {
+#        # Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
+#        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+#
+#        # Enable cross-site filter (XSS) and tell browser to block detected attacks
+#        X-XSS-Protection "1; mode=block"
+#
+#        # Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
+#        X-Content-Type-Options "nosniff"
+#
+#        # Disallow the site to be rendered within a frame (clickjacking protection)
+#        X-Frame-Options "SAMEORIGIN"
+#
+#        # Disable some features
+#        Feature-Policy "accelerometer 'none';ambient-light-sensor 'none'; autoplay 'none';camera 'none';encrypted-media 'none';focus-without-user-activation 'none'; geolocation 'none';gyroscope #'none';magnetometer 'none';microphone 'none';midi 'none';payment 'none';picture-in-picture 'none'; speaker 'none';sync-xhr 'none';usb 'none';vr 'none'"
+#
+#        # Referer
+#        Referrer-Policy "no-referrer"
+#
+#        # X-Robots-Tag
+#        X-Robots-Tag "none"
+#
+#        # Remove Server header
+#        -Server
+#  }
+#
+#  handle {
+#        encode zstd gzip
+#
+#        reverse_proxy 127.0.0.1:12080 {
+#               header_up X-Forwarded-Port {http.request.port}
+#               header_up X-Forwarded-Proto {http.request.scheme}
+#               header_up X-Forwarded-TlsProto {tls_protocol}
+#               header_up X-Forwarded-TlsCipher {tls_cipher}
+#               header_up X-Forwarded-HttpsProto {proto}
+#        }
+#  }
+#}
\ No newline at end of file
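Review bot: The `Feature-Policy` value in the commented jitsi block sets `camera 'none'` and `microphone 'none'`, so a browser honouring it will refuse the devices a Jitsi Meet conference depends on once the block is enabled. The same value has a stray `#` in `gyroscope #'none'`. For this site the policy should allow them for the own origin, e.g. `camera 'self'; microphone 'self'`, and since `Feature-Policy` has been superseded by `Permissions-Policy`, the modern form would be `Permissions-Policy "camera=(self), microphone=(self)"`. Separately, `#  creates letsencrypt certificate` and `#  tls your@email.com` carry a single comment marker, so stripping the leading `#` from the block leaves `creates letsencrypt certificate` as a bare directive that Caddy should reject, and activates `tls` with the placeholder address. They should read `#  # creates letsencrypt certificate` and `#  # tls your@email.com`; patch 3/3 leaves both lines as they are.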
diff --git a/examples/caddy2/README.md b/examples/caddy2/README.md
new file mode 100644
index 000000000..4752140ff
--- /dev/null
+++ b/examples/caddy2/README.md
@@ -0,0 +1,12 @@
+# Caddyfile
+
+This directory contains sample files that show you how to do reverse-proxying using Caddy2.
+
+## Config
+
+| Variable           | Function |
+| ------------------ | -------- |
+| tls your@email.com | Specify an email address for your [ACME account](https://caddyserver.com/docs/caddyfile/directives/tls) (but if only one email is used for all sites, we recommend the email [global option](https://caddyserver.com/docs/caddyfile/options) instead) | 
+| tls                | To enable [tls](https://caddyserver.com/docs/caddyfile/directives/tls) support uncomment the lines for tls |
+| Jitsi              | To enable Jitsi support uncomment the lines for Jitsi and set your data |
+| log {output discard }         | No output. You can find the Options in the [Documentaton](https://caddyserver.com/docs/caddyfile/directives/log) for logging |
\ No newline at end of file

From 63c92fc2def26a96aea7e6c3b797c4ffa01f98f9 Mon Sep 17 00:00:00 2001
From: 0hlov3 <0hlov3@protonmail.com>
Date: Tue, 29 Dec 2020 12:02:12 +0100
Subject: [PATCH 2/3] Adds Example for Caddy2 Jitsi

---
 ansible.cfg | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ansible.cfg b/ansible.cfg
index 6c2838d39..0ae274f73 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -1,5 +1,5 @@
 [defaults]
 retry_files_enabled = False
-ansible_python_interpreter=/usr/bin/python3
+
 [connection]
 pipelining = True

From f86d781244d8220a88bb55c55f25d8dd7c374942 Mon Sep 17 00:00:00 2001
From: 0hlov3 <0hlov3@protonmail.com>
Date: Tue, 29 Dec 2020 14:07:32 +0100
Subject: [PATCH 3/3] Updates the the caddy2 Readme and comment lines for
 dimension

---
 examples/caddy2/Caddyfile | 66 +++++++++++++++++++--------------------
 examples/caddy2/README.md |  4 +--
 2 files changed, 34 insertions(+), 36 deletions(-)

diff --git a/examples/caddy2/Caddyfile b/examples/caddy2/Caddyfile
index 82728f962..d13b9788f 100644
--- a/examples/caddy2/Caddyfile
+++ b/examples/caddy2/Caddyfile
@@ -97,37 +97,6 @@ matrix.DOMAIN.tld:8448 {
     }
 }
 
-dimension.DOMAIN.tld {
-      
-      # creates letsencrypt certificate
-      # tls your@email.com
-      
-      header {
-         	# Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
-        	Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
-        	# Enable cross-site filter (XSS) and tell browser to block detected attacks
-        	X-XSS-Protection "1; mode=block"
-        	# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
-        	X-Content-Type-Options "nosniff"
-        	# Disallow the site to be rendered within a frame (clickjacking protection)
-        	X-Frame-Options "DENY"
-        	# X-Robots-Tag
-        	X-Robots-Tag "noindex, noarchive, nofollow"
-  	}
-
-    	handle {
-        	encode zstd gzip
-
-        	reverse_proxy localhost:8184  {
-               		header_up X-Forwarded-Port {http.request.port}
-               		header_up X-Forwarded-Proto {http.request.scheme}
-               		header_up X-Forwarded-TlsProto {tls_protocol}
-               		header_up X-Forwarded-TlsCipher {tls_cipher}
-               		header_up X-Forwarded-HttpsProto {proto}
-        	}
-  	}
-}
-
 element.DOMAIN.tld {
 
       # creates letsencrypt certificate
@@ -158,10 +127,39 @@ element.DOMAIN.tld {
         }
 }
 
+#dimension.DOMAIN.tld {
+#      
+#      # creates letsencrypt certificate
+#      # tls your@email.com
+#      
+#      header {
+#          # Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
+#          Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+#          # Enable cross-site filter (XSS) and tell browser to block detected attacks
+#          X-XSS-Protection "1; mode=block"
+#          # Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
+#          X-Content-Type-Options "nosniff"
+#          # Disallow the site to be rendered within a frame (clickjacking protection)
+#          X-Frame-Options "DENY"
+#          # X-Robots-Tag
+#          X-Robots-Tag "noindex, noarchive, nofollow"
+#    }
+#
+#      handle {
+#          encode zstd gzip
+#
+#          reverse_proxy localhost:8184  {
+#                  header_up X-Forwarded-Port {http.request.port}
+#                  header_up X-Forwarded-Proto {http.request.scheme}
+#                  header_up X-Forwarded-TlsProto {tls_protocol}
+#                  header_up X-Forwarded-TlsCipher {tls_cipher}
+#                  header_up X-Forwarded-HttpsProto {proto}
+#          }
+#    }
+#}
+
+
 #jitsi.DOMAIN.tld {
-#  log {
-#        output discard
-#  }
 #  
 #  creates letsencrypt certificate
 #  tls your@email.com
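Review bot: The re-added dimension block ships `Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"` as the copy-paste default, and nothing tells the operator what that commits them to. Browsers will pin HTTPS for this host and its subdomains for a year, and `preload` signals consent to preload-list inclusion, which is slow to undo. A comment above the line such as `# Start with a short max-age while testing; add "preload" only once the whole domain is permanently HTTPS-only` would give the caveat. The comment on `X-XSS-Protection "1; mode=block"` also overstates a legacy header that current browsers no longer act on; a Content-Security-Policy is the control that matters there. Both remarks apply equally to the jitsi block added in 1/3, which continues past the end of this hunk.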
diff --git a/examples/caddy2/README.md b/examples/caddy2/README.md
index 4752140ff..022a4fec1 100644
--- a/examples/caddy2/README.md
+++ b/examples/caddy2/README.md
@@ -8,5 +8,5 @@ This directory contains sample files that show you how to do reverse-proxying us
 | ------------------ | -------- |
 | tls your@email.com | Specify an email address for your [ACME account](https://caddyserver.com/docs/caddyfile/directives/tls) (but if only one email is used for all sites, we recommend the email [global option](https://caddyserver.com/docs/caddyfile/options) instead) | 
 | tls                | To enable [tls](https://caddyserver.com/docs/caddyfile/directives/tls) support uncomment the lines for tls |
-| Jitsi              | To enable Jitsi support uncomment the lines for Jitsi and set your data |
-| log {output discard }         | No output. You can find the Options in the [Documentaton](https://caddyserver.com/docs/caddyfile/directives/log) for logging |
\ No newline at end of file
+| Dimnension         | To enable Dimension support uncomment the lines for Dimension and set your data |
+| Jitsi              | To enable Jitsi support uncomment the lines for Jitsi and set your data |
\ No newline at end of file