-
Notifications
You must be signed in to change notification settings - Fork 20
/
periph.io.conf
62 lines (57 loc) · 2.35 KB
/
periph.io.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
# Meant to be run on GCE with
# https://cloud.google.com/container-optimized-os/docs/
#
# See https://caddyserver.com/docs for more information.
# Redirect to naked.
www.periph.io {
log {
output file logs/www.periph.io.log {
roll_size 100 # Rotate after 100 MB
roll_keep_for 120d # Keep log files for 120 days
roll_keep 100 # Keep at most 100 log files
}
}
redir https://periph.io{uri} 307
}
# Doesn't implement the git poller, the altX host do for proper redundancy.
periph.io {
log {
output file logs/periph.io.log {
roll_size 100 # Rotate after 100 MB
roll_keep_for 120d # Keep log files for 120 days
roll_keep 100 # Keep at most 100 log files
}
}
header {
# Enable HTTP Strict Transport Security (HSTS) to force clients to always
# connect via HTTPS (do not use if only testing)
Strict-Transport-Security "max-age=31536000; includeSubDomains"
# Enable cross-site filter (XSS) and tell browser to block detected attacks
X-XSS-Protection "1; mode=block"
# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
X-Content-Type-Options "nosniff"
# Disallow the site to be rendered within a frame (clickjacking protection)
X-Frame-Options "DENY"
# https://developers.google.com/web/fundamentals/security/csp/
# - Edge doesn't support child-src, frame-src is.
# - Edge requires frame-src: data: for inline SVG, others don't.
# - Edge ignores block-all-mixed-content.
# - Edge (as of 2017-03-19) only supports CSP1 so it doesn't support sha256
# whitelist.
Content-Security-Policy "default-src 'self'; child-src ghbtns.com www.youtube.com; frame-src data: ghbtns.com www.youtube.com; object-src 'none'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src fonts.gstatic.com; script-src 'self' 'unsafe-inline' www.google-analytics.com; img-src 'self' pkg.go.dev www.google-analytics.com stats.g.doubleclick.net www.google.com; block-all-mixed-content"
# Tell clients to cache for 1 hour.
Cache-Control "public, max-age=3600"
}
@rickroll {
path /.env /wp-admin /wp-login.php /xmlrpc.php
}
handle @rickroll {
redir https://www.youtube.com/watch?v=dQw4w9WgXcQ
}
root periph.io/www
handle /x/* {
rewrite templates/gopkg.html?path={path}&{query}
templates
}
file_server
}