ansible/privfrontends/templates/Caddyfile.j2
2025-12-08 11:08:39 +05:30


# Global options.
{
    # cgi is a plugin directive with no built-in position in Caddy's
    # directive order, so it is placed ahead of `respond` here.
    order cgi before respond
}
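# Response headers for sites reached through the onion service.
# Usage: import tor <onion-subdomain>
(tor) {
    header {
        # Strip headers that only make sense on the clearnet HTTPS origin.
        # NOTE(review): with `defer` these removals also drop any
        # Content-Security-Policy / Referrer-Policy a backend sets, leaving
        # the onion origin without them; confirm that is intended.
        -Strict-Transport-Security
        -Referrer-Policy
        -Content-Security-Policy

        # stop clients from sniffing the media type
        X-Content-Type-Options nosniff

        # No `;` after the closing quote. Caddy ends the token at the quote,
        # so a trailing `;` appears to be read as a third argument, which
        # makes `header` do a search-and-replace on an existing header
        # instead of setting this one. Inside the value it would also be
        # invalid Permissions-Policy syntax.
        Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), serial=(), usb=(), sync-xhr=(), xr-spatial-tracking=()"

        # clickjacking protection
        X-Frame-Options SAMEORIGIN

        # {args[0]} is the subdomain passed to `import tor ...`.
        Onion-Location http://{args[0]}.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion{path}

        # Apply these operations when the response is written, so they win
        # over headers set by the handler or upstream.
        defer
    }
}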
# Advertise the onion mirror of a clearnet site.
# Usage: import torloc <onion-subdomain>
# Tor Browser only honours Onion-Location on responses delivered over HTTPS.
(torloc) {
    header {
        Onion-Location http://{args[0]}.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion{path}
    }
}
# ACME DNS-01 challenge through the deSEC DNS provider module.
#
# The template writes the API token into the rendered Caddyfile in clear
# text. Keep the rendered file readable by root and the caddy user only, and
# keep the variable in an encrypted vars file rather than in plain inventory.
# NOTE(review): the variable is named rfc2136_key but is used as a deSEC
# token; confirm it holds the intended credential and that the token is
# scoped to the zones this host needs.
(acmedns) {
    tls {
        dns desec {
            token "{{ rfc2136_key }}"
        }

        # wait one minute before checking that the TXT record has propagated
        propagation_delay 1m
    }
}
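# Defaults shared by every clearnet site: security headers, anonymised access
# log, IP-range denylist, and DNS-01 certificates (via the acmedns snippet).
(def) {
    header {
        # disable FLoC tracking (interest-cohort) and other browser features
        #
        # No `;` after the closing quote. Caddy ends the token at the quote,
        # so a trailing `;` appears to be read as a third argument, which
        # makes `header` do a search-and-replace on an existing header
        # instead of setting this one. Inside the value it would also be
        # invalid Permissions-Policy syntax.
        Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), serial=(), usb=(), sync-xhr=(), xr-spatial-tracking=()"

        # enable HSTS (one year, all subdomains, preload-eligible)
        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

        # stop clients from sniffing the media type
        X-Content-Type-Options nosniff

        # clickjacking protection
        X-Frame-Options SAMEORIGIN

        # Apply when the response is written, so these values win over
        # headers set by the handler or upstream.
        defer
    }

    log {
        # IP addresses, User-Agent and cookies are anonymised and the URI is
        # replaced, as stated in the privacy policy. Subject to change: any
        # field found to be unfiltered will be added here.
        output file /var/log/caddy/caddy.log

        format filter {
            wrap json
            fields {
                # keep only the first 16 bits (IPv4) / 64 bits (IPv6)
                request>remote_ip ip_mask {
                    ipv4 16
                    ipv6 64
                }
                request>client_ip ip_mask {
                    ipv4 16
                    ipv6 64
                }
                request>headers>X-Forwarded-For ip_mask {
                    ipv4 16
                    ipv6 64
                }

                # Only the cookies named `session` and `secret` are handled
                # here; any other cookie name passes through this filter.
                request>headers>Cookie cookie {
                    replace session REDACTED
                    delete secret
                }

                request>headers>User-Agent delete
                request>headers>Onion-Location delete
                request>headers>Referer delete

                # every logged URI becomes this fixed string
                request>uri replace "/ABCDF"

                # NOTE(review): other request headers that can carry a client
                # address (for example X-Real-IP or Forwarded) are not
                # filtered; add them if anything in front of Caddy sets them.
            }
        }
    }

    # Denylist rendered from the blocked_ranges template variable.
    # client_ip honours the `trusted_proxies` global option; none is set in
    # this file's global options, so the match is against the direct peer.
    # NOTE(review): confirm blocked_ranges is never empty, since the matcher
    # would then be rendered with no ranges.
    @denied client_ip {{ blocked_ranges }}
    respond @denied "Unfortunately, your IP is part of a range that has been involved in mass spam to our servers. If you think our action was a mistake, please email contact@projectsegfau.lt." 403

    import acmedns
}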
# Load every *.Caddyfile in this file's directory. Any file placed there
# becomes live configuration, so the directory should be writable only by
# root or the deploy user.
import ./*.Caddyfile

# vnstat metrics, produced by a CGI script.
# NOTE(review): `:8093` has no host or `bind`, so it listens on every
# interface, and this block has no client restriction; it also appears to be
# served without TLS. Confirm a host firewall limits the port to the metrics
# scraper, or restrict it here.
:8093 {
    cgi /vnstat /var/lib/caddy/www/vnstat-metrics.cgi
}
# teddit: retired; every hostname returns a static notice.
teddit.{{ server_prefix }}.projectsegfau.lt teddit.projectsegfau.lt t.psf.lt t.{{ server_prefix }}.psf.lt {
    respond "Service has been shutdown"
    import def
    import torloc teddit
}
# inv: retired; every hostname returns a static notice.
inv.{{ server_prefix }}.projectsegfau.lt i.{{ server_prefix }}.psf.lt {
    respond "Service has been shutdown"
    import def
    import torloc inv
}
# overflow: retired; every hostname returns a static notice.
overflow.{{ server_prefix }}.projectsegfau.lt overflow.projectsegfau.lt o.psf.lt o.{{ server_prefix }}.psf.lt {
    respond "Service has been shutdown"
    import def
    import torloc overflow
}
# rimgo: retired; every hostname returns a static notice.
rimgo.{{ server_prefix }}.projectsegfau.lt rimgo.projectsegfau.lt rg.psf.lt rg.{{ server_prefix }}.psf.lt {
    respond "Service has been shutdown"
    import def
    import torloc rimgo
}
# bw (onion subdomain: breezewiki): retired; every hostname returns a static notice.
bw.{{ server_prefix }}.projectsegfau.lt bw.projectsegfau.lt bw.psf.lt bw.{{ server_prefix }}.psf.lt {
    import def
    import torloc breezewiki
    respond "Service has been shutdown"
}
# scribe: retired; every hostname returns a static notice.
scribe.{{ server_prefix }}.projectsegfau.lt scribe.projectsegfau.lt sc.psf.lt sc.{{ server_prefix }}.psf.lt {
    import def
    import torloc scribe
    respond "Service has been shutdown"
}
# safetwitch: retired; every hostname returns a static notice.
safetwitch.{{ server_prefix }}.projectsegfau.lt safetwitch.projectsegfau.lt tw.psf.lt tw.{{ server_prefix }}.psf.lt {
    import def
    respond "Service has been shutdown"
    import torloc safetwitch
}
# api.safetwitch: retired; returns a static notice.
api.safetwitch.{{ server_prefix }}.projectsegfau.lt {
    respond "Service has been shutdown"
    # Historical note: something was occupying port 5071, so the port was
    # moved to 5072 temporarily (it could be kept permanently).
    # NOTE(review): this block no longer references any port, so the remark
    # looks stale.
    import def
}
# hyperpipe: retired; every hostname returns a static notice.
hyperpipe.{{ server_prefix }}.projectsegfau.lt hyperpipe.projectsegfau.lt hp.psf.lt hp.{{ server_prefix }}.psf.lt {
    import def
    respond "Service has been shutdown"
}
# hyperpipebackend: retired; returns a static notice.
hyperpipebackend.{{ server_prefix }}.projectsegfau.lt {
    respond "Service has been shutdown"
    import def
}
# search: retired; every hostname returns a static notice.
search.{{ server_prefix }}.projectsegfau.lt search.projectsegfau.lt s.psf.lt s.{{ server_prefix }}.psf.lt {
    import def
    import torloc search
    respond "Service has been shutdown"
}
# piped, pipedproxy and pipedapi: retired; every hostname returns a static notice.
piped.{{ server_prefix }}.projectsegfau.lt pipedproxy.{{ server_prefix }}.projectsegfau.lt pipedapi.{{ server_prefix }}.projectsegfau.lt {
    respond "Service has been shutdown"
    # NOTE(review): `import def` below sets X-Frame-Options SAMEORIGIN with
    # `defer`, so this non-deferred removal probably does not reach the final
    # response. Confirm with a test request and drop the line if it has no
    # effect.
    header -X-Frame-Options
    import def
}
# pi: retired; returns a static notice.
pi.{{ server_prefix }}.psf.lt {
    respond "Service has been shutdown"
    import def
}
# priviblur: retired; every hostname returns a static notice.
priviblur.{{ server_prefix }}.projectsegfau.lt priviblur.projectsegfau.lt pb.psf.lt pb.{{ server_prefix }}.psf.lt {
    import def
    respond "Service has been shutdown"
    import torloc priviblur
}
# lace: retired; every hostname returns a static notice.
lace.{{ server_prefix }}.projectsegfau.lt lace.projectsegfau.lt l.psf.lt l.{{ server_prefix }}.psf.lt {
    import def
    respond "Service has been shutdown"
    import torloc lace
}
# lbry: retired; every hostname returns a static notice.
lbry.{{ server_prefix }}.projectsegfau.lt lbry.projectsegfau.lt {
    respond "Service has been shutdown"
    import def
    import torloc lbry
}