• 06 July 2025
• cheatsheet

• hot reload: docker exec -w /etc/caddy [caddy container name] caddy reload
• reverse proxy

subdomain.test.com {
	redir /path /real_path   # optional, for redirect
	reverse_proxy http://mycontainer:8080
	
	# Provide Zstd and Gzip compression  
    encode gzip zstd
		
	# log  
	log {  
		output file /var/log/caddy/subdomain.test.log  
	}
}

• static site

[domain] {
	root * /var/www/mysite
	file_server
}

• security.conf example:

# filename: snippets/security.conf

header {
    # keep referrer data off of HTTP connections
    Referrer-Policy no-referrer-when-downgrade
    # Referrer-Policy "strict-origin-when-cross-origin"

    # enable HSTS
    Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

    # Enable cross-site filter (XSS) and tell browser to block detected attacks
    X-Xss-Protection "1; mode=block"

    # disable clients from sniffing the media type
    X-Content-Type-Options "nosniff"

    # clickjacking protection
    # X-Frame-Options "SAMEORIGIN"
    # now the frame options is handled by Content-Security-Policy frame-ancestors

    Content-Security-Policy "upgrade-insecure-requests; frame-ancestors 'self'" 

    # hide server name
    -Server LexxServerCluster
}