mirror of
https://github.com/gravitl/netmaker.git
synced 2025-09-06 05:04:27 +08:00
45 lines
1.3 KiB
Caddyfile
45 lines
1.3 KiB
Caddyfile
# Dashboard
|
|
https://dashboard.{$NM_DOMAIN} {
|
|
tls /root/certs/fullchain.pem /root/certs/privkey.pem
|
|
# Apply basic security headers
|
|
header {
|
|
# Enable cross origin access to *.{$NM_DOMAIN}
|
|
Access-Control-Allow-Origin *.{$NM_DOMAIN}
|
|
# Enable HTTP Strict Transport Security (HSTS)
|
|
Strict-Transport-Security "max-age=31536000;"
|
|
# Enable cross-site filter (XSS) and tell browser to block detected attacks
|
|
X-XSS-Protection "1; mode=block"
|
|
# Disallow the site to be rendered within a frame on a foreign domain (clickjacking protection)
|
|
X-Frame-Options "SAMEORIGIN"
|
|
# Prevent search engines from indexing
|
|
X-Robots-Tag "none"
|
|
# Remove the server name
|
|
-Server
|
|
}
|
|
|
|
reverse_proxy http://netmaker-ui
|
|
}
|
|
|
|
# API
|
|
https://api.{$NM_DOMAIN} {
|
|
tls /root/certs/fullchain.pem /root/certs/privkey.pem
|
|
reverse_proxy http://netmaker:8081
|
|
}
|
|
|
|
# TURN
|
|
https://turn.{$NM_DOMAIN} {
|
|
tls /root/certs/fullchain.pem /root/certs/privkey.pem
|
|
reverse_proxy host.docker.internal:3479
|
|
}
|
|
|
|
# TURN API
|
|
https://turnapi.{$NM_DOMAIN} {
|
|
tls /root/certs/fullchain.pem /root/certs/privkey.pem
|
|
reverse_proxy http://host.docker.internal:8089
|
|
}
|
|
|
|
# MQ
|
|
wss://broker.{$NM_DOMAIN} {
|
|
tls /root/certs/fullchain.pem /root/certs/privkey.pem
|
|
reverse_proxy ws://mq:8883 # For EMQX websockets use `reverse_proxy ws://mq:8083`
|
|
}
|