update caddy file
This commit is contained in:
qadamscqueezy
parent
6c8cc37313
commit
07fbb7af2c
|
|
@ -1,65 +1,79 @@
|
||||||
{
|
{
|
||||||
skip_install_trust
|
# Global options
|
||||||
|
|
||||||
{$CADDY_GLOBAL_OPTIONS}
|
|
||||||
|
|
||||||
frankenphp {
|
frankenphp {
|
||||||
{$FRANKENPHP_CONFIG}
|
# Number of workers for better performance
|
||||||
|
num_threads {$NUM_THREADS:4}
|
||||||
|
}
|
||||||
|
|
||||||
worker {
|
# Order directives properly
|
||||||
file ./public/index.php
|
order mercure after encode
|
||||||
env APP_RUNTIME Runtime\FrankenPhpSymfony\Runtime
|
order php_server before file_server
|
||||||
{$FRANKENPHP_WORKER_CONFIG}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
{$CADDY_EXTRA_CONFIG}
|
# HTTP server - HTTPS is handled by caddy-proxy
|
||||||
|
{$SERVER_NAME:80} {
|
||||||
|
# Root directory
|
||||||
|
root * /app/public
|
||||||
|
|
||||||
{$SERVER_NAME:localhost} {
|
# Enable compression
|
||||||
log {
|
encode zstd gzip
|
||||||
{$CADDY_SERVER_LOG_OPTIONS}
|
|
||||||
# Redact the authorization query parameter that can be set by Mercure
|
|
||||||
format filter {
|
|
||||||
request>uri query {
|
|
||||||
replace authorization REDACTED
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
root /app/public
|
|
||||||
encode zstd br gzip
|
|
||||||
|
|
||||||
|
# Mercure hub configuration (built-in)
|
||||||
mercure {
|
mercure {
|
||||||
# Publisher JWT key
|
# Publisher JWT key
|
||||||
publisher_jwt {env.MERCURE_PUBLISHER_JWT_KEY} {env.MERCURE_PUBLISHER_JWT_ALG}
|
publisher_jwt {env.MERCURE_PUBLISHER_JWT_KEY} {
|
||||||
|
algorithm hs256
|
||||||
|
}
|
||||||
# Subscriber JWT key
|
# Subscriber JWT key
|
||||||
subscriber_jwt {env.MERCURE_SUBSCRIBER_JWT_KEY} {env.MERCURE_SUBSCRIBER_JWT_ALG}
|
subscriber_jwt {env.MERCURE_SUBSCRIBER_JWT_KEY} {
|
||||||
# Allow anonymous subscribers (double-check that it's what you want)
|
algorithm hs256
|
||||||
|
}
|
||||||
|
# Allow anonymous subscribers
|
||||||
anonymous
|
anonymous
|
||||||
# Enable the subscription API (double-check that it's what you want)
|
# CORS configuration
|
||||||
subscriptions
|
cors_origins *
|
||||||
# Extra directives
|
|
||||||
{$MERCURE_EXTRA_DIRECTIVES}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
vulcain
|
# Client max body size (for uploads)
|
||||||
|
request_body {
|
||||||
{$CADDY_SERVER_EXTRA_DIRECTIVES}
|
max_size 20MB
|
||||||
|
|
||||||
# Disable Topics tracking if not enabled explicitly: https://github.com/jkarlin/topics
|
|
||||||
header ?Permissions-Policy "browsing-topics=()"
|
|
||||||
|
|
||||||
@phpRoute {
|
|
||||||
not path /.well-known/mercure*
|
|
||||||
not file {path}
|
|
||||||
}
|
}
|
||||||
rewrite @phpRoute index.php
|
|
||||||
|
|
||||||
@frontController path index.php
|
# Security: Deny access to sensitive directories
|
||||||
php @frontController
|
@forbidden {
|
||||||
|
path /bin/* /config/* /src/* /templates/* /tests/* /translations/* /var/* /vendor/*
|
||||||
|
}
|
||||||
|
handle @forbidden {
|
||||||
|
respond "Access Denied" 404
|
||||||
|
}
|
||||||
|
|
||||||
file_server {
|
# Security: Deny access to dot files (except .well-known for Mercure)
|
||||||
hide *.php
|
@dotfiles {
|
||||||
|
path */.*
|
||||||
|
not path /.well-known/*
|
||||||
|
}
|
||||||
|
handle @dotfiles {
|
||||||
|
respond "Access Denied" 404
|
||||||
|
}
|
||||||
|
|
||||||
|
# Cache static assets (30 days)
|
||||||
|
@static {
|
||||||
|
path *.jpg *.jpeg *.png *.gif *.ico *.css *.js *.svg *.woff *.woff2 *.ttf *.eot *.xlsx
|
||||||
|
}
|
||||||
|
handle @static {
|
||||||
|
header Cache-Control "public, max-age=2592000, no-transform"
|
||||||
|
file_server
|
||||||
|
}
|
||||||
|
|
||||||
|
# PHP FrankenPHP handler
|
||||||
|
php_server {
|
||||||
|
# Resolve symlinks
|
||||||
|
resolve_root_symlink
|
||||||
|
}
|
||||||
|
|
||||||
|
# Logging
|
||||||
|
log {
|
||||||
|
output file /var/log/caddy/access.log
|
||||||
|
format json
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue