netmaker/docker/Caddyfile
Tobias Cudnik 3ad47f17ec
NET-147 full config for nm-quick.sh (#2291)
* - moved all vars to config
- compose override
- use the config in compose, caddy
- aligned local / remote setup
- proper docker cleanup
- support for a relative installation path

* - config handling
- error handling / env cleanups
- reduced compose files
- misc

* fixed debugs

* fixed UI_IMAGE_TAG / IMAGE_TAG
2023-05-16 07:00:16 -04:00

51 lines
1.4 KiB
Caddyfile

# Dashboard
https://dashboard.{$NM_DOMAIN} {
tls /root/certs/fullchain.pem /root/certs/privkey.pem
# Apply basic security headers
header {
# Enable cross origin access to *.{$NM_DOMAIN}
Access-Control-Allow-Origin *.{$NM_DOMAIN}
# Enable HTTP Strict Transport Security (HSTS)
Strict-Transport-Security "max-age=31536000;"
# Enable cross-site filter (XSS) and tell browser to block detected attacks
X-XSS-Protection "1; mode=block"
# Disallow the site to be rendered within a frame on a foreign domain (clickjacking protection)
X-Frame-Options "SAMEORIGIN"
# Prevent search engines from indexing
X-Robots-Tag "none"
# Remove the server name
-Server
}
reverse_proxy http://netmaker-ui
}
# API
https://api.{$NM_DOMAIN} {
tls /root/certs/fullchain.pem /root/certs/privkey.pem
reverse_proxy http://netmaker:8081
}
# STUN
https://stun.{$NM_DOMAIN} {
tls /root/certs/fullchain.pem /root/certs/privkey.pem
reverse_proxy netmaker:3478
}
# TURN
https://turn.{$NM_DOMAIN} {
tls /root/certs/fullchain.pem /root/certs/privkey.pem
reverse_proxy host.docker.internal:3479
}
# TURN API
https://turnapi.{$NM_DOMAIN} {
tls /root/certs/fullchain.pem /root/certs/privkey.pem
reverse_proxy http://host.docker.internal:8089
}
# MQ
wss://broker.{$NM_DOMAIN} {
tls /root/certs/fullchain.pem /root/certs/privkey.pem
reverse_proxy ws://mq:8883 # For EMQX websockets use `reverse_proxy ws://mq:8083`
}