{
	# Global options: settings that apply to the whole Caddy instance rather than to one site block.

	# Turn off Caddy's admin API endpoint, so there is no runtime configuration interface to reach.
	admin off

	# auto_https will create redirects for https://{host}:8443 instead of https://{host}
	# https redirects are added manually in the http://:80 block
	auto_https disable_redirects

	# Caddy's persistent data (including issued certificates and their private keys) is stored under this directory.
	# NOTE(review): confirm that the backing volume is readable only by the account Caddy runs as.
	storage file_system {
		root /mnt/docker-aio-config/caddy/
	}

	log {
		# The log level is hardcoded here to ERROR by design.
		# We need to mute two warnings printed to the logs:
		# 1. admin endpoint disabled
		# 2. Warning regarding on-demand tls
		# See https://github.com/nextcloud/all-in-one#securing-the-aio-interface-from-unauthorized-acme-challenges
		# NOTE(review): ERROR also drops every other WARN- and INFO-level message from this logger,
		# so certificate or ACME warnings will not appear here.
		level ERROR
		# We need to exclude the remote-host plugin from logging as it would spam the logs
		# See https://github.com/nextcloud/all-in-one/pull/7006#issuecomment-4003238239
		exclude http.matchers.remote_host
	}

	servers {
		# Only h1 is allowed as we prevent `ERR_NETWORK_CHANGED` from happening
		protocols h1
	}

	# Gate for on-demand certificate issuance: before obtaining a certificate for a hostname,
	# Caddy asks this loopback endpoint, and issuance proceeds only if the endpoint approves.
	# NOTE(review): the service listening on 127.0.0.1:9876 is not visible here; the protection
	# against certificate requests for arbitrary hostnames depends entirely on its allow-list logic.
	on_demand_tls {
		ask http://127.0.0.1:9876/
	}

	# Do not try to install Caddy's local CA root certificate into the system trust store.
	skip_install_trust
}
# Plain-HTTP listener on port 80. Its only job is the manual HTTPS redirect that
# `auto_https disable_redirects` leaves to this file.
http://:80 {
	# Permanent redirect to the same host and URI over https, with no explicit port,
	# so the client lands on the default HTTPS port rather than :8443.
	# {host} is taken from the incoming request, so the target follows whatever Host the client sent.
	redir https://{host}{uri} permanent
}
# HTTPS site on port 8443: serves the PHP application under /var/www/docker-aio/php/public.
https://:8443 {
	# Shared response headers are pulled in from headers.Caddyfile (contents not shown here).
	import headers.Caddyfile
	# HSTS with a one-year max-age (31536000 seconds); includeSubDomains and preload are not set.
	header Strict-Transport-Security max-age=31536000;

	# Named matcher: both conditions must hold, i.e. a request to one of the two login API paths
	# AND a client matching the host name nextcloud-aio-nextcloud.
	# NOTE(review): remote_host is provided by a plugin and matches by resolving the name; presumably
	# it compares against the direct peer address. Confirm this, and confirm what happens when the
	# name cannot be resolved, since a failed match lets the request through.
	@denied {
		path /api/auth/login /api/auth/getlogin
		remote_host nextcloud-aio-nextcloud
	}
	# Drop matching requests by closing the connection without sending a response.
	abort @denied

	# Document root for every request on this site.
	root * /var/www/docker-aio/php/public
	# PHP requests are handed to the FastCGI server on this local Unix socket.
	php_fastcgi unix//run/php.sock
	# Remaining requests are served as static files from the root above.
	file_server

	tls {
		# Obtain certificates on demand at handshake time instead of at startup;
		# issuance is subject to the `ask` check in the global on_demand_tls option.
		on_demand
		issuer acme {
			# Request the ACME "shortlived" certificate profile from the CA.
			profile shortlived
			# Do not use the TLS-ALPN challenge.
			# NOTE(review): validation then presumably relies on the HTTP challenge, which needs
			# port 80 to be reachable from the CA. Confirm this for the deployment.
			disable_tlsalpn_challenge
		}
	}
}