migliorato security e config di caddy

2025-11-30 16:18:27 +01:00
parent c238237413
commit 7e1bd4c25f
1 changed files with 11 additions and 1 deletions
--- a/etc/caddy/Caddyfile
+++ b/etc/caddy/Caddyfile
@@ -17,11 +17,20 @@

 		level INFO
 	}
+
+	ocsp_stapling off
+
 }

 (common) {
 	header /* {
 		-Server
+		#Enable HSTS
+		Strict-Transport-Security max-age=31536000;
+		#Disable Clients from Sniffing Media Type
+		X-Content-Type-Options nosniff
+		#Keep Referrer Data off of HTTP Connections
+		Referrer-Policy no-referrer-when-downgrade
 	}
 }

@@ -75,7 +84,7 @@ https://rss.novemila.org {
 # COLLABORA

 #https://code.novemila.org {
-# encode gzip
+# 	 encode gzip
 #    reverse_proxy localhost:3005 {
 #    transport http {
 #      tls_insecure_skip_verify
@@ -103,6 +112,7 @@ https://mon.novemila.org {

 https://admin.cloud.novemila.org {
 	import common
+	encode gzip zstd
 	reverse_proxy localhost:3010 {
 		transport http {
 			tls_insecure_skip_verify