update caddy file
This commit is contained in:
qadamscqueezy
parent
6c8cc37313
commit
07fbb7af2c
|
|
@ -1,65 +1,79 @@
|
|||
{
|
||||
skip_install_trust
|
||||
|
||||
{$CADDY_GLOBAL_OPTIONS}
|
||||
|
||||
# Global options
|
||||
frankenphp {
|
||||
{$FRANKENPHP_CONFIG}
|
||||
|
||||
worker {
|
||||
file ./public/index.php
|
||||
env APP_RUNTIME Runtime\FrankenPhpSymfony\Runtime
|
||||
{$FRANKENPHP_WORKER_CONFIG}
|
||||
}
|
||||
}
|
||||
# Number of workers for better performance
|
||||
num_threads {$NUM_THREADS:4}
|
||||
}
|
||||
|
||||
{$CADDY_EXTRA_CONFIG}
|
||||
|
||||
{$SERVER_NAME:localhost} {
|
||||
log {
|
||||
{$CADDY_SERVER_LOG_OPTIONS}
|
||||
# Redact the authorization query parameter that can be set by Mercure
|
||||
format filter {
|
||||
request>uri query {
|
||||
replace authorization REDACTED
|
||||
}
|
||||
}
|
||||
# Order directives properly
|
||||
order mercure after encode
|
||||
order php_server before file_server
|
||||
}
|
||||
|
||||
root /app/public
|
||||
encode zstd br gzip
|
||||
# HTTP server - HTTPS is handled by caddy-proxy
|
||||
{$SERVER_NAME:80} {
|
||||
# Root directory
|
||||
root * /app/public
|
||||
|
||||
# Enable compression
|
||||
encode zstd gzip
|
||||
|
||||
# Mercure hub configuration (built-in)
|
||||
mercure {
|
||||
# Publisher JWT key
|
||||
publisher_jwt {env.MERCURE_PUBLISHER_JWT_KEY} {env.MERCURE_PUBLISHER_JWT_ALG}
|
||||
publisher_jwt {env.MERCURE_PUBLISHER_JWT_KEY} {
|
||||
algorithm hs256
|
||||
}
|
||||
# Subscriber JWT key
|
||||
subscriber_jwt {env.MERCURE_SUBSCRIBER_JWT_KEY} {env.MERCURE_SUBSCRIBER_JWT_ALG}
|
||||
# Allow anonymous subscribers (double-check that it's what you want)
|
||||
subscriber_jwt {env.MERCURE_SUBSCRIBER_JWT_KEY} {
|
||||
algorithm hs256
|
||||
}
|
||||
# Allow anonymous subscribers
|
||||
anonymous
|
||||
# Enable the subscription API (double-check that it's what you want)
|
||||
subscriptions
|
||||
# Extra directives
|
||||
{$MERCURE_EXTRA_DIRECTIVES}
|
||||
# CORS configuration
|
||||
cors_origins *
|
||||
}
|
||||
|
||||
vulcain
|
||||
|
||||
{$CADDY_SERVER_EXTRA_DIRECTIVES}
|
||||
|
||||
# Disable Topics tracking if not enabled explicitly: https://github.com/jkarlin/topics
|
||||
header ?Permissions-Policy "browsing-topics=()"
|
||||
|
||||
@phpRoute {
|
||||
not path /.well-known/mercure*
|
||||
not file {path}
|
||||
# Client max body size (for uploads)
|
||||
request_body {
|
||||
max_size 20MB
|
||||
}
|
||||
rewrite @phpRoute index.php
|
||||
|
||||
@frontController path index.php
|
||||
php @frontController
|
||||
# Security: Deny access to sensitive directories
|
||||
@forbidden {
|
||||
path /bin/* /config/* /src/* /templates/* /tests/* /translations/* /var/* /vendor/*
|
||||
}
|
||||
handle @forbidden {
|
||||
respond "Access Denied" 404
|
||||
}
|
||||
|
||||
file_server {
|
||||
hide *.php
|
||||
# Security: Deny access to dot files (except .well-known for Mercure)
|
||||
@dotfiles {
|
||||
path */.*
|
||||
not path /.well-known/*
|
||||
}
|
||||
handle @dotfiles {
|
||||
respond "Access Denied" 404
|
||||
}
|
||||
|
||||
# Cache static assets (30 days)
|
||||
@static {
|
||||
path *.jpg *.jpeg *.png *.gif *.ico *.css *.js *.svg *.woff *.woff2 *.ttf *.eot *.xlsx
|
||||
}
|
||||
handle @static {
|
||||
header Cache-Control "public, max-age=2592000, no-transform"
|
||||
file_server
|
||||
}
|
||||
|
||||
# PHP FrankenPHP handler
|
||||
php_server {
|
||||
# Resolve symlinks
|
||||
resolve_root_symlink
|
||||
}
|
||||
|
||||
# Logging
|
||||
log {
|
||||
output file /var/log/caddy/access.log
|
||||
format json
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue