From a1ecaf54ef5de44e9d3cac37416612fae35653f9 Mon Sep 17 00:00:00 2001
From: 0hlov3 <0hlov3@protonmail.com>
Date: Tue, 29 Dec 2020 12:00:01 +0100
Subject: [PATCH 1/3] Adds Example for Caddy2 Jitsi
---
 ansible.cfg | 2 +-
 examples/caddy2/Caddyfile | 63 +++++++++++++++++++++++++++++++++++++--
 examples/caddy2/README.md | 12 ++++++++
 3 files changed, 74 insertions(+), 3 deletions(-)
 create mode 100644 examples/caddy2/README.md
diff --git a/ansible.cfg b/ansible.cfg
index 0ae274f73..6c2838d39 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -1,5 +1,5 @@
 [defaults]
 retry_files_enabled = False
-
+ansible_python_interpreter=/usr/bin/python3
 [connection]
 pipelining = True
diff --git a/examples/caddy2/Caddyfile b/examples/caddy2/Caddyfile
index 1438a50b9..82728f962 100644
--- a/examples/caddy2/Caddyfile
+++ b/examples/caddy2/Caddyfile
@@ -1,4 +1,8 @@
 matrix.DOMAIN.tld {
+
+ # creates letsencrypt certificate
+ # tls your@email.com
+
 @identity {
 path /_matrix/identity/*
 }
@@ -94,7 +98,11 @@ matrix.DOMAIN.tld:8448 {
 }
 
 dimension.DOMAIN.tld {
-header {
+
+ # creates letsencrypt certificate
+ # tls your@email.com
+
+ header {
 # Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
 Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
 # Enable cross-site filter (XSS) and tell browser to block detected attacks
@@ -121,7 +129,11 @@ header {
 }
 
 element.DOMAIN.tld {
- header {
+
+ # creates letsencrypt certificate
+ # tls your@email.com
+
+ header {
 # Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
 Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
 # Enable cross-site filter (XSS) and tell browser to block detected attacks
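Review bot: `ansible_python_interpreter=/usr/bin/python3` under `[defaults]` in ansible.cfg is not read as a configuration option — that name is an inventory/host variable, and the ansible.cfg equivalent is `interpreter_python = /usr/bin/python3`. The line is also unrelated to the Caddy example this series adds, and patch 2/3 deletes it again, so squashing the two commits would keep the ansible.cfg churn out of history. If pinning the interpreter is actually wanted, it belongs in its own commit under the `interpreter_python` key.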
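Review bot: The added comment `# creates letsencrypt certificate` above `# tls your@email.com` describes something the directive does not do: Caddy 2 obtains and renews a certificate for a qualified site name such as `matrix.DOMAIN.tld` automatically whether or not `tls` is present, and `tls your@email.com` only sets the contact address for the ACME account, which is also what the README added in this series says. A reader who leaves the line commented may believe no certificate is issued, and one who uncomments it may believe that is what enabled HTTPS. Suggested wording: `# Caddy obtains the certificate automatically; uncomment to set the ACME account e-mail`. The same comment is added in the dimension.DOMAIN.tld and element.DOMAIN.tld hunks of this patch and repeated in the commented Jitsi and Dimension blocks later in the series.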
@@ -145,3 +157,50 @@ element.DOMAIN.tld {
 header_up X-Forwarded-HttpsProto {proto}
 }
 }
+
+#jitsi.DOMAIN.tld {
+# log {
+# output discard
+# }
+#
+# creates letsencrypt certificate
+# tls your@email.com
+#
+# header {
+# # Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
+# Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+#
+# # Enable cross-site filter (XSS) and tell browser to block detected attacks
+# X-XSS-Protection "1; mode=block"
+#
+# # Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
+# X-Content-Type-Options "nosniff"
+#
+# # Disallow the site to be rendered within a frame (clickjacking protection)
+# X-Frame-Options "SAMEORIGIN"
+#
+# # Disable some features
+# Feature-Policy "accelerometer 'none';ambient-light-sensor 'none'; autoplay 'none';camera 'none';encrypted-media 'none';focus-without-user-activation 'none'; geolocation 'none';gyroscope #'none';magnetometer 'none';microphone 'none';midi 'none';payment 'none';picture-in-picture 'none'; speaker 'none';sync-xhr 'none';usb 'none';vr 'none'"
+#
+# # Referer
+# Referrer-Policy "no-referrer"
+#
+# # X-Robots-Tag
+# X-Robots-Tag "none"
+#
+# # Remove Server header
+# -Server
+# }
+#
+# handle {
+# encode zstd gzip
+#
+# reverse_proxy 127.0.0.1:12080 {
+# header_up X-Forwarded-Port {http.request.port}
+# header_up X-Forwarded-Proto {http.request.scheme}
+# header_up X-Forwarded-TlsProto {tls_protocol}
+# header_up X-Forwarded-TlsCipher {tls_cipher}
+# header_up X-Forwarded-HttpsProto {proto}
+# }
+# }
+#}
\ No newline at end of file
diff --git a/examples/caddy2/README.md b/examples/caddy2/README.md
new file mode 100644
index 000000000..4752140ff
--- /dev/null
+++ b/examples/caddy2/README.md
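Review bot: The commented Jitsi block carries a `Feature-Policy` value that denies `camera`, `microphone`, `speaker`, `autoplay` and `picture-in-picture` to the page, which are the capabilities a Jitsi Meet front end needs, so uncommenting the block as the README instructs would leave browsers that enforce the header unable to join a call. The same line also contains `gyroscope #'none'`; the `#` sits inside the quoted value, so it looks like a stray character that would be sent verbatim in the header rather than start a comment. If the header set is kept for this vhost, drop those entries or use the successor header with an explicit self allow-list, e.g. `Permissions-Policy "camera=(self), microphone=(self), geolocation=(), payment=(), usb=()"`. Where Jitsi is embedded as an Element widget from element.DOMAIN.tld, `X-Frame-Options "SAMEORIGIN"` blocks that cross-origin frame too; `Content-Security-Policy "frame-ancestors 'self' https://element.DOMAIN.tld"` expresses the intended allow-list.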
@@ -0,0 +1,12 @@
+# Caddyfile
+
+This directory contains sample files that show you how to do reverse-proxying using Caddy2.
+
+## Config
+
+| Variable | Function |
+| ------------------ | -------- |
+| tls your@email.com | Specify an email address for your [ACME account](https://caddyserver.com/docs/caddyfile/directives/tls) (but if only one email is used for all sites, we recommend the email [global option](https://caddyserver.com/docs/caddyfile/options) instead) |
+| tls | To enable [tls](https://caddyserver.com/docs/caddyfile/directives/tls) support uncomment the lines for tls |
+| Jitsi | To enable Jitsi support uncomment the lines for Jitsi and set your data |
+| log {output discard } | No output. You can find the Options in the [Documentaton](https://caddyserver.com/docs/caddyfile/directives/log) for logging |
\ No newline at end of file
From 63c92fc2def26a96aea7e6c3b797c4ffa01f98f9 Mon Sep 17 00:00:00 2001
From: 0hlov3 <0hlov3@protonmail.com>
Date: Tue, 29 Dec 2020 12:02:12 +0100
Subject: [PATCH 2/3] Adds Example for Caddy2 Jitsi
---
 ansible.cfg | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ansible.cfg b/ansible.cfg
index 6c2838d39..0ae274f73 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -1,5 +1,5 @@
 [defaults]
 retry_files_enabled = False
-ansible_python_interpreter=/usr/bin/python3
+
 [connection]
 pipelining = True
From f86d781244d8220a88bb55c55f25d8dd7c374942 Mon Sep 17 00:00:00 2001
From: 0hlov3 <0hlov3@protonmail.com>
Date: Tue, 29 Dec 2020 14:07:32 +0100
Subject: [PATCH 3/3] Updates the the caddy2 Readme and comment lines for dimension
---
 examples/caddy2/Caddyfile | 66 +++++++++++++++++++--------------------
 examples/caddy2/README.md | 4 +--
 2 files changed, 34 insertions(+), 36 deletions(-)
diff --git a/examples/caddy2/Caddyfile b/examples/caddy2/Caddyfile
index 82728f962..d13b9788f 100644
--- a/examples/caddy2/Caddyfile
+++ b/examples/caddy2/Caddyfile
@@ -97,37 +97,6 @@ matrix.DOMAIN.tld:8448 {
 }
 }
 
-dimension.DOMAIN.tld {
-
- # creates letsencrypt certificate
- # tls your@email.com
-
- header {
- # Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
- Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
- # Enable cross-site filter (XSS) and tell browser to block detected attacks
- X-XSS-Protection "1; mode=block"
- # Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
- X-Content-Type-Options "nosniff"
- # Disallow the site to be rendered within a frame (clickjacking protection)
- X-Frame-Options "DENY"
- # X-Robots-Tag
- X-Robots-Tag "noindex, noarchive, nofollow"
- }
-
- handle {
- encode zstd gzip
-
- reverse_proxy localhost:8184 {
- header_up X-Forwarded-Port {http.request.port}
- header_up X-Forwarded-Proto {http.request.scheme}
- header_up X-Forwarded-TlsProto {tls_protocol}
- header_up X-Forwarded-TlsCipher {tls_cipher}
- header_up X-Forwarded-HttpsProto {proto}
- }
- }
-}
-
 element.DOMAIN.tld {
 
 # creates letsencrypt certificate
@@ -158,10 +127,39 @@ element.DOMAIN.tld {
 }
 }
 
+#dimension.DOMAIN.tld {
+#
+# # creates letsencrypt certificate
+# # tls your@email.com
+#
+# header {
+# # Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
+# Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+# # Enable cross-site filter (XSS) and tell browser to block detected attacks
+# X-XSS-Protection "1; mode=block"
+# # Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
+# X-Content-Type-Options "nosniff"
+# # Disallow the site to be rendered within a frame (clickjacking protection)
+# X-Frame-Options "DENY"
+# # X-Robots-Tag
+# X-Robots-Tag "noindex, noarchive, nofollow"
+# }
+#
+# handle {
+# encode zstd gzip
+#
+# reverse_proxy localhost:8184 {
+# header_up X-Forwarded-Port {http.request.port}
+# header_up X-Forwarded-Proto {http.request.scheme}
+# header_up X-Forwarded-TlsProto {tls_protocol}
+# header_up X-Forwarded-TlsCipher {tls_cipher}
+# header_up X-Forwarded-HttpsProto {proto}
+# }
+# }
+#}
+
+
 #jitsi.DOMAIN.tld {
-# log {
-# output discard
-# }
 #
 # creates letsencrypt certificate
 # tls your@email.com
diff --git a/examples/caddy2/README.md b/examples/caddy2/README.md
index 4752140ff..022a4fec1 100644
--- a/examples/caddy2/README.md
+++ b/examples/caddy2/README.md
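Review bot: The commented Dimension block keeps `X-Frame-Options "DENY"`, but Dimension is an integration manager that Element loads inside an iframe, so once the block is uncommented as the README added in this series instructs, the browser would refuse to render the integration-manager panel in Element. `SAMEORIGIN` would not help either, because element.DOMAIN.tld in the same file is a different origin; the allow-list form is `Content-Security-Policy "frame-ancestors https://element.DOMAIN.tld"` in place of the DENY line, with the clickjacking comment adjusted to name Element as the only permitted embedder. The header was inherited unchanged from the active block this patch deletes in the hunk above, so the defect predates the series, but this commit now presents it as the template users copy.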
@@ -8,5 +8,5 @@ This directory contains sample files that show you how to do reverse-proxying us
 | ------------------ | -------- |
 | tls your@email.com | Specify an email address for your [ACME account](https://caddyserver.com/docs/caddyfile/directives/tls) (but if only one email is used for all sites, we recommend the email [global option](https://caddyserver.com/docs/caddyfile/options) instead) |
 | tls | To enable [tls](https://caddyserver.com/docs/caddyfile/directives/tls) support uncomment the lines for tls |
-| Jitsi | To enable Jitsi support uncomment the lines for Jitsi and set your data |
-| log {output discard } | No output. You can find the Options in the [Documentaton](https://caddyserver.com/docs/caddyfile/directives/log) for logging |
\ No newline at end of file
+| Dimnension | To enable Dimension support uncomment the lines for Dimension and set your data |
+| Jitsi | To enable Jitsi support uncomment the lines for Jitsi and set your data |
\ No newline at end of file