-
-
Notifications
You must be signed in to change notification settings - Fork 290
Expand file tree
/
Copy pathcaddy.conf.example
More file actions
214 lines (196 loc) · 7.05 KB
/
caddy.conf.example
File metadata and controls
214 lines (196 loc) · 7.05 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
# Caddy configuration for Poweradmin
# This configuration is used in the production Docker image and provides
# comprehensive security, API support, and performance optimizations.
#
# Usage:
# 1. Copy this file to your desired location (e.g., /etc/caddy/Caddyfile)
# 2. Adjust the following settings for your environment:
# - server_name: Set to your domain name (replace :80 with your-domain.com)
# - root: Set to your Poweradmin installation path (default: /srv/www)
# - php_fastcgi: Adjust PHP-FPM socket/TCP configuration as needed
#
# For HTTPS, replace :80 with your domain name and Caddy will automatically
# obtain and manage SSL certificates via Let's Encrypt.
#
# For subfolder deployment (e.g., /poweradmin):
# - See the "SUBFOLDER DEPLOYMENT" section at the end of this file
# - Set 'base_url_prefix' => '/poweradmin' in config/settings.php
# ============================================================================
# ROOT FOLDER DEPLOYMENT (Default)
# ============================================================================
:80 {
# Set this path to your Poweradmin installation directory
root * /srv/www
# Enable access logs
log {
output file /var/log/caddy/poweradmin.log {
roll_size 100mb
roll_keep 5
roll_keep_for 720h
}
format console
level INFO
}
# Enable gzip compression
encode gzip
# Security: Deny access to sensitive directories
@denied path /config* /lib* /tests* /vendor*
@bootstrap path /vendor/twbs/bootstrap* /vendor/twbs/bootstrap-icons*
# Allow Bootstrap files (override general vendor blocking)
handle @bootstrap {
file_server
}
# Block sensitive directories (excluding bootstrap)
handle @denied {
respond "Forbidden" 403
}
# Security: Deny access to hidden files and sensitive file types
@hidden path .* *.sql *.md *.log *.yaml *.yml
handle @hidden {
respond "Forbidden" 403
}
# Static assets with caching
@static path *.js *.css *.png *.jpg *.jpeg *.gif *.ico *.svg *.woff *.woff2 *.ttf *.eot
handle @static {
header Cache-Control "public, max-age=31536000"
file_server
}
# Handle OPTIONS preflight requests for CORS
@options method OPTIONS
handle @options {
header Access-Control-Allow-Origin "*"
header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
header Access-Control-Allow-Headers "Content-Type, Authorization, X-API-Key"
header Access-Control-Max-Age "3600"
respond "" 204
}
# API endpoints with CORS
@api path /api*
handle @api {
header Access-Control-Allow-Origin "*"
header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
header Access-Control-Allow-Headers "Content-Type, Authorization, X-API-Key"
header Access-Control-Max-Age "3600"
# Forward all API requests to index.php with proper query handling
rewrite * /index.php{uri}
php_fastcgi unix//run/php/php-fpm.sock {
read_timeout 180s
env HTTP_AUTHORIZATION {http.request.header.Authorization}
}
}
# DDNS update endpoints (for dynamic DNS functionality)
rewrite /update /dynamic_update.php
rewrite /nic/update /dynamic_update.php
# Clean URL routing - let Symfony Router handle all routing
try_files {path} {path}/ /index.php{uri}
# PHP handling
php_fastcgi unix//run/php/php-fpm.sock {
read_timeout 180s
env HTTP_AUTHORIZATION {http.request.header.Authorization}
}
# Enable file server for static content
file_server
}
# ============================================================================
# SUBFOLDER DEPLOYMENT (e.g., /poweradmin)
# ============================================================================
# Use this configuration when Poweradmin is installed in a subfolder.
# IMPORTANT: Set 'base_url_prefix' => '/poweradmin' in config/settings.php
# Example: Poweradmin accessible at https://example.com/poweradmin/
# Uncomment and adjust the configuration below:
# :80 {
# root * /srv/www
#
# # Enable access logs
# log {
# output file /var/log/caddy/poweradmin.log
# format console
# level INFO
# }
#
# # Enable gzip compression
# encode gzip
#
# # Handle Poweradmin subfolder
# route /poweradmin* {
# # Strip /poweradmin prefix for file serving
# uri strip_prefix /poweradmin
#
# # Security: Deny access to sensitive directories
# @denied path /config* /lib* /tests* /vendor*
# @bootstrap path /vendor/twbs/bootstrap* /vendor/twbs/bootstrap-icons*
#
# handle @bootstrap {
# file_server {
# root /srv/www/poweradmin
# }
# }
#
# handle @denied {
# respond "Forbidden" 403
# }
#
# # Security: Deny access to hidden files and sensitive file types
# @hidden path .* *.sql *.md *.log *.yaml *.yml
# handle @hidden {
# respond "Forbidden" 403
# }
#
# # Static assets with caching
# @static path *.js *.css *.png *.jpg *.jpeg *.gif *.ico *.svg *.woff *.woff2 *.ttf *.eot
# handle @static {
# header Cache-Control "public, max-age=31536000"
# file_server {
# root /srv/www/poweradmin
# }
# }
#
# # Handle OPTIONS preflight requests for CORS
# @options method OPTIONS
# handle @options {
# header Access-Control-Allow-Origin "*"
# header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
# header Access-Control-Allow-Headers "Content-Type, Authorization, X-API-Key"
# header Access-Control-Max-Age "3600"
# respond "" 204
# }
#
# # API endpoints with CORS
# @api path /api*
# handle @api {
# header Access-Control-Allow-Origin "*"
# header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
# header Access-Control-Allow-Headers "Content-Type, Authorization, X-API-Key"
# header Access-Control-Max-Age "3600"
#
# rewrite * /index.php{uri}
# php_fastcgi unix//run/php/php-fpm.sock {
# root /srv/www/poweradmin
# read_timeout 180s
# env HTTP_AUTHORIZATION {http.request.header.Authorization}
# }
# }
#
# # DDNS update endpoints
# rewrite /update /dynamic_update.php
# rewrite /nic/update /dynamic_update.php
#
# # Clean URL routing
# try_files {path} {path}/ /index.php{uri}
#
# # PHP handling
# php_fastcgi unix//run/php/php-fpm.sock {
# root /srv/www/poweradmin
# read_timeout 180s
# env HTTP_AUTHORIZATION {http.request.header.Authorization}
# }
#
# # Enable file server
# file_server {
# root /srv/www/poweradmin
# }
# }
#
# # Serve other content from root if needed
# file_server
# }