Kumi
9c7283dffd
Introduced handling for security.txt requests in the Caddyfile configuration to redirect users to a dedicated security page. This change enables visitors to easily find security policy and vulnerability reporting information by redirecting requests for `/.well-known/security.txt` and `/security.txt` to `https://security.private.coffee/security.txt`. Implementing this standard practice improves transparency and security posture by facilitating clearer communication with security researchers and the public.
42 lines
1.1 KiB
Caddyfile
42 lines
1.1 KiB
Caddyfile
private.coffee www.private.coffee {
|
|
header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
|
|
|
|
header Access-Control-Allow-Origin https://element.private.coffee
|
|
header Access-Control-Allow-Methods "GET"
|
|
header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range"
|
|
header Access-Control-Expose-Headers "Content-Length,Content-Range"
|
|
|
|
@matrix {
|
|
path matrix /.well-known/matrix/*
|
|
}
|
|
|
|
@assets {
|
|
path assets /assets/*
|
|
}
|
|
|
|
@security {
|
|
path security-well-known /.well-known/security.txt
|
|
path security /security.txt
|
|
}
|
|
|
|
handle @matrix {
|
|
header /.well-known/matrix/* Content-Type application/json
|
|
header /.well-known/matrix/* Access-Control-Allow-Origin *
|
|
respond /.well-known/matrix/server `{"m.server": "matrix.private.coffee:443"}`
|
|
respond /.well-known/matrix/client `{"m.homeserver":{"base_url":"https://matrix.private.coffee"}}`
|
|
}
|
|
|
|
handle @assets {
|
|
file_server
|
|
root * /srv/private.coffee
|
|
}
|
|
|
|
handle @security {
|
|
redir https://security.private.coffee/security.txt
|
|
}
|
|
|
|
handle {
|
|
reverse_proxy * unix//var/run/uwsgi/privatecoffee.sock
|
|
}
|
|
}
|