d0zingcat/ghost-docker
1
0
Fork 0
mirror of https://github.com/d0zingcat/ghost-docker.git synced 2026-06-07 23:16:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

Caddy: Add option to have a separate Admin domain

Browse Source 
- Our setup docs recommend having Ghost Admin on a separate domain from the content domain
- This lets users optionally set this up if they want whilst continuing to align Admin <-> content domain through templates
This commit is contained in:
James Loh
2025-07-15 16:22:58 +10:00
parent b2a3d75490
commit ceac2ed1c2
4 changed files with 41 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
.env.example
View File

@@ -8,6 +8,11 @@ GHOST_VERSION=5-alpine
# Public domain Ghost is going to run on # Public domain Ghost is going to run on
DOMAIN=example.com DOMAIN=example.com
# If you have Ghost Admin setup on a separate domain
# uncomment the below along with the corresponding block
# in your Caddyfile
# ADMIN_DOMAIN=
# Database settings # Database settings
DATABASE_ROOT_PASSWORD=reallysecurerootpassword DATABASE_ROOT_PASSWORD=reallysecurerootpassword
DATABASE_USER=optionalusername DATABASE_USER=optionalusername

35
caddy/Caddyfile.example
View File

@@ -17,20 +17,31 @@
encode gzip encode gzip
# Optional: Add security headers # Optional: Add security headers
header { import snippets/SecurityHeaders
# Enable HSTS
Strict-Transport-Security max-age=31536000;
# Prevent embedding in frames
X-Frame-Options DENY
# Enable XSS protection
X-XSS-Protection "1; mode=block"
# Prevent MIME sniffing
X-Content-Type-Options nosniff
# Referrer policy
Referrer-Policy strict-origin-when-cross-origin
}
} }
# If you have a separate domain for Ghost Admin uncomment the below block
# {$ADMIN_DOMAIN} {
# import snippets/Logging
#
# # Traffic Analytics service
# import snippets/TrafficAnalytics
#
# # ActivityPub Service
# import snippets/ActivityPub
#
# # Default proxy everything else to Ghost
# handle {
# reverse_proxy ghost:2368
# }
#
# # Optional: Enable gzip compression
# encode gzip
#
# # Optional: Add security headers
# import snippets/SecurityHeaders
# }
# If you want to redirect the www variant of your domain to the non-www varient uncomment the below 4 lines # If you want to redirect the www variant of your domain to the non-www varient uncomment the below 4 lines
# Note: You must have DNS setup correctly for this to work # Note: You must have DNS setup correctly for this to work
# www.{$DOMAIN} { # www.{$DOMAIN} {

12
caddy/snippets/SecurityHeaders Normal file
View File

@@ -0,0 +1,12 @@
header {
# Enable HSTS
Strict-Transport-Security max-age=31536000;
# Prevent embedding in frames
X-Frame-Options DENY
# Enable XSS protection
X-XSS-Protection "1; mode=block"
# Prevent MIME sniffing
X-Content-Type-Options nosniff
# Referrer policy
Referrer-Policy strict-origin-when-cross-origin
}

1
compose.yml
View File

@@ -9,6 +9,7 @@ services:
- "443:443" - "443:443"
environment: environment:
DOMAIN: ${DOMAIN:?DOMAIN environment variable is required} DOMAIN: ${DOMAIN:?DOMAIN environment variable is required}
ADMIN_DOMAIN: ${ADMIN_DOMAIN:-}
ACTIVITYPUB_TARGET: ${ACTIVITYPUB_TARGET:-https://ap.ghost.org} ACTIVITYPUB_TARGET: ${ACTIVITYPUB_TARGET:-https://ap.ghost.org}
volumes: volumes:
- ./caddy:/etc/caddy - ./caddy:/etc/caddy