mirror of
https://github.com/d0zingcat/ghost-docker.git
synced 2026-05-13 23:16:44 +00:00
64 lines
1.5 KiB
Caddyfile
64 lines
1.5 KiB
Caddyfile
# Replace your-domain.com with your actual domain
|
|
{$DOMAIN} {
|
|
# Log all requests
|
|
log {
|
|
output stdout
|
|
format console
|
|
level INFO
|
|
}
|
|
|
|
# Proxy analytics requests with any prefix (e.g. /.ghost/analytics/ or /blog/.ghost/analytics/)
|
|
@analytics_paths path_regexp analytics_match ^(.*)/\.ghost/analytics(.*)$
|
|
handle @analytics_paths {
|
|
rewrite * {re.analytics_match.2}
|
|
reverse_proxy traffic-analytics:3000
|
|
}
|
|
|
|
# ActivityPub
|
|
# Proxy activitypub requests /.ghost/activitypub/
|
|
handle /.ghost/activitypub/* {
|
|
reverse_proxy activitypub:8080
|
|
}
|
|
|
|
handle /.well-known/webfinger {
|
|
reverse_proxy activitypub:8080
|
|
}
|
|
|
|
handle /.well-known/nodeinfo {
|
|
reverse_proxy activitypub:8080
|
|
}
|
|
|
|
# Default proxy everything else to Ghost
|
|
handle {
|
|
reverse_proxy ghost:2368
|
|
}
|
|
|
|
# Optional: Enable gzip compression
|
|
encode gzip
|
|
|
|
# Optional: Add security headers
|
|
header {
|
|
# Enable HSTS
|
|
Strict-Transport-Security max-age=31536000;
|
|
# Prevent embedding in frames
|
|
X-Frame-Options DENY
|
|
# Enable XSS protection
|
|
X-XSS-Protection "1; mode=block"
|
|
# Prevent MIME sniffing
|
|
X-Content-Type-Options nosniff
|
|
# Referrer policy
|
|
Referrer-Policy strict-origin-when-cross-origin
|
|
}
|
|
}
|
|
|
|
# Redirect www to non-www (optional)
|
|
www.{$DOMAIN} {
|
|
# Log all requests
|
|
log {
|
|
output stdout
|
|
format console
|
|
level INFO
|
|
}
|
|
redir https://{$DOMAIN}{uri}
|
|
}
|