Add Gitea server

denis0001-dev · denis0001-dev · commit 50f3965e95bb · 2026-01-25T18:26:12.000+03:00
diff --git a/deployment/caddy/Caddyfile b/deployment/caddy/Caddyfile
@@ -79,6 +79,33 @@ beta.fromchat.ru {
 	}
 }
 
+git.fromchat.ru {
+	reverse_proxy 172.18.0.1:3000 host.docker.internal:3000 172.17.0.1:3000 {
+		lb_policy first
+        header_up X-Real-IP {remote_host}
+	}
+
+	# Security headers
+	header {
+		X-XSS-Protection "1; mode=block" # Prevent XSS attacks
+		X-Content-Type-Options "nosniff" # Prevent MIME type sniffing
+		X-Frame-Options "DENY" # Prevent clickjacking
+		Referrer-Policy "strict-origin-when-cross-origin"
+		Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https: blob:; font-src 'self' data:; connect-src 'self'; frame-ancestors 'none';"
+		Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+		Permissions-Policy "geolocation=(), microphone=(self), camera=(self)"
+	}
+
+	rate_limit {
+		zone global {
+			key {remote_ip}
+			window 1m
+			burst 20
+			events 500
+		}
+	}
+}
+
 api.getgadgets.toolbox-io.ru {
     reverse_proxy 95.165.0.162:8400
 }
