From 7e1bd4c25f0c4fbeb89702091e7a2501659056e0 Mon Sep 17 00:00:00 2001
From: dado <dado@mail.me>
Date: Sun, 30 Nov 2025 16:18:27 +0100
Subject: [PATCH] migliorato security e config di caddy

---
 etc/caddy/Caddyfile | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/etc/caddy/Caddyfile b/etc/caddy/Caddyfile
index 6672694..652b939 100644
--- a/etc/caddy/Caddyfile
+++ b/etc/caddy/Caddyfile
@@ -17,11 +17,20 @@
 
 		level INFO
 	}
+
+	ocsp_stapling off
+
 }
 
 (common) {
 	header /* {
 		-Server
+		#Enable HSTS
+		Strict-Transport-Security max-age=31536000;
+		#Disable Clients from Sniffing Media Type
+		X-Content-Type-Options nosniff
+		#Keep Referrer Data off of HTTP Connections
+		Referrer-Policy no-referrer-when-downgrade
 	}
 }
 
@@ -75,7 +84,7 @@ https://rss.novemila.org {
 # COLLABORA
 
 #https://code.novemila.org {
-# encode gzip
+# 	 encode gzip
 #    reverse_proxy localhost:3005 {
 #    transport http {
 #      tls_insecure_skip_verify
@@ -103,6 +112,7 @@ https://mon.novemila.org {
 
 https://admin.cloud.novemila.org {
 	import common
+	encode gzip zstd
 	reverse_proxy localhost:3010 {
 		transport http {
 			tls_insecure_skip_verify