fix: Updated Caddyfile

Alcides Ramos · Alcides Ramos · commit 5df7834a2d73 · 2025-06-10T10:47:21.000+02:00
using proper snippet composition
diff --git a/docker/caddy/Caddyfile b/docker/caddy/Caddyfile
@@ -5,9 +5,14 @@
 import snippets/*
 
 {$CADDY_HOSTNAME} {
+    import strip-www
     import common
+    import cache
+    import security
     import ssl
-    import domain
+    import not-found
 
     root * /var/www/html/public
+
+    import php-fastcgi
 }
diff --git a/docker/caddy/snippets/cache b/docker/caddy/snippets/cache
@@ -0,0 +1,18 @@
+(cache) {
+    header {
+        Cache-Control "public, max-age=31536000"
+    }
+
+    @static {
+        file
+        path *.avif *.ico *.css *.js *.gz *.eot *.ttf *.otf *.gif *.webp *.avif *.jpg *.jpeg *.png *.svg *.woff *.woff2 *.pdf
+    }
+    header @static Cache-Control "max-age=31536000,public,inmutable"
+
+    @html {
+        path *.html *.htm
+    }
+    header @html {
+        Cache-Control "public, max-age=43200"
+    }
+}
diff --git a/docker/caddy/snippets/domain b/docker/caddy/snippets/domain
diff --git a/docker/caddy/snippets/not-foud b/docker/caddy/snippets/not-foud
@@ -0,0 +1,9 @@
+(not-found) {
+    @static_404 {
+        path_regexp \.(jpg|jpeg|png|webp|gif|avif|ico|svg|css|js|gz|eot|ttf|otf|woff|woff2|pdf)$
+        not file
+    }
+    respond @static_404 "Not Found" 404 {
+        close
+    }
+}
diff --git a/docker/caddy/snippets/php-fastcgi b/docker/caddy/snippets/php-fastcgi
@@ -0,0 +1,9 @@
+(php-fastcgi) {
+    php_fastcgi {$CADDY_PHPFPM_GATEWAYS} {
+        index index.php
+
+        resolve_root_symlink
+
+        lb_policy round_robin
+    }
+}
diff --git a/docker/caddy/snippets/security b/docker/caddy/snippets/security
@@ -0,0 +1,20 @@
+(security) {
+    header {
+        Strict-Transport-Security "max-age=31536000;includeSubDomains;preload"
+        X-Frame-Options "SAMEORIGIN"
+        X-Xss-Protection "1;mode=block"
+        Referrer-Policy "no-referrer-when-downgrade"
+        X-Content-Type-Options "nosniff"
+        Permissions-Policy "autoplay=(self),camera=(),geolocation=(),microphone=(),payment=(),usb=()"
+
+        # Review
+        #?Content-Security-Policy "default-src 'self';script-src 'self';style-src 'self'"
+    }
+
+    @excludedMethods {
+        not method GET HEAD POST OPTIONS
+    }
+    respond @excludedMethods "Not Allowed" 405 {
+        close
+    }
+}
diff --git a/docker/caddy/snippets/strip-www b/docker/caddy/snippets/strip-www
@@ -0,0 +1,6 @@
+(strip-www) {
+    @strip_www {
+        header_regexp www Host ^www\.(.*)$
+    }
+    redir @strip_www https://{http.regexp.www.1}{uri}
+}
