# ═══════════════════════════════════════════════════════════════
# Caddy 站点配置 — prl.hty1024.com (Demo 环境)
#
# 使用说明:
#   1. 将此文件复制到 /etc/caddy/sites/ 目录
#   2. 确保 /etc/caddy/Caddyfile 中包含:
#        import /etc/caddy/sites/*.caddy
#   3. 执行 systemctl reload caddy(或 caddy reload)
#
# Caddy 会自动申请并续期 Let's Encrypt TLS 证书。
# ═══════════════════════════════════════════════════════════════

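prl.hty1024.com {

    # ── Reverse proxy to the Flask application ──────────────────
    # The upstream is addressed on loopback, so traffic between Caddy and the
    # app stays on this host.
    reverse_proxy 127.0.0.1:5000 {
        # Pass the real client address upstream. Every header below is
        # overwritten with a value Caddy derived itself, so a client-supplied
        # X-Real-IP or X-Forwarded-For never reaches the app.
        # NOTE(review): {remote_host} is the directly connected peer. If a CDN
        # or load balancer is ever placed in front of Caddy, these headers will
        # carry that proxy's address and must be revisited.
        # NOTE(review): presumably the Flask app reads these headers; confirm
        # it trusts them for exactly one proxy hop and is not reachable on any
        # other interface.
        header_up X-Real-IP {remote_host}
        header_up X-Forwarded-For {remote_host}
        header_up X-Forwarded-Proto {scheme}
        header_up Host {host}

        # Active health check (optional): probe the upstream every 30 s and
        # give up on a probe after 5 s. With a single upstream there is nothing
        # to fail over to, so an unhealthy result makes Caddy return an error
        # instead of proxying.
        # NOTE(review): the probe targets the login route. If the app offers a
        # dedicated lightweight health endpoint, prefer it so probes stay out
        # of the auth route's logs and any attempt counters.
        health_uri /auth/login
        health_interval 30s
        health_timeout 5s
    }

    # ── Response compression ────────────────────────────────────
    encode gzip

    # ── Security response headers ───────────────────────────────
    # The block contains a deletion (-Server), which makes Caddy defer these
    # operations until the response is written, so the values below also
    # replace same-named headers sent by the upstream.
    header {
        # Allow framing by same-origin pages only (clickjacking protection).
        X-Frame-Options "SAMEORIGIN"
        # Forbid MIME type sniffing.
        X-Content-Type-Options "nosniff"
        # Force HTTPS via HSTS: 15768000 s is about 6 months, and
        # includeSubDomains extends the policy to names below this host.
        Strict-Transport-Security "max-age=15768000; includeSubDomains"
        # Switch the legacy XSS auditor off. Current browsers no longer ship
        # it, and in old browsers that still honour this header the filter
        # ("1; mode=block") can itself introduce cross-site information leaks.
        # NOTE(review): no Content-Security-Policy is set in this file. That is
        # the control that actually limits script injection; add one once the
        # app's script and style sources are known.
        X-XSS-Protection "0"
        # Referrer policy: full URL same-origin, origin only cross-origin,
        # nothing on an HTTPS-to-HTTP downgrade.
        Referrer-Policy "strict-origin-when-cross-origin"
        # Remove the Server header so the server software is not advertised.
        -Server
    }

    # ── Access log ──────────────────────────────────────────────
    # JSON access log, rotated at 50 MB, keeping at most 5 rolled files and
    # none older than 720 h (30 days).
    # NOTE(review): access logs hold client addresses and request URIs; check
    # that /var/log/caddy is readable only by the Caddy service account and
    # whoever collects the logs.
    log {
        output file /var/log/caddy/prl.hty1024.com.log {
            roll_size 50mb
            roll_keep 5
            roll_keep_for 720h
        }
        format json
    }
}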