Update varnish and headers (#4)

* update varnish * update headers * Indent with 4 spaces. Co-authored-by: FireMasterK <20838718+FireMasterK@users.noreply.github.com>
2024-12-12 21:30:41 +05:30 · 2021-09-19 00:59:50 +02:00 · 2021-09-19 00:59:50 +02:00 · 5862e8354a
commit 5862e8354a
parent 0db53dcbeb
2 changed files with 70 additions and 30 deletions
--- a/template/Caddyfile
+++ b/template/Caddyfile
@ -1,48 +1,88 @@
 {
-	servers :443 {
-		protocol {
-			experimental_http3
-		}
-	}
+    servers :443 {
+        protocol {
+            experimental_http3
+        }
+    }
 }

 FRONTEND_HOSTNAME {
-  reverse_proxy pipedfrontend:80
+    reverse_proxy pipedfrontend:80
+    header {
+        # disable FLoC tracking
+        Permissions-Policy interest-cohort=()
+
+        # enable HSTS
+        Strict-Transport-Security max-age=31536000;
+
+        # keep referrer data off
+        Referrer-Policy no-referrer
+
+        # prevent for appearing in search engine for private instances (option)
+        #X-Robots-Tag noindex
+    }
 }

 BACKEND_HOSTNAME {
-  reverse_proxy varnish:80
+    reverse_proxy varnish:80
+    header {
+        # disable FLoC tracking
+        Permissions-Policy interest-cohort=()
+
+        # enable HSTS
+        Strict-Transport-Security max-age=31536000;
+
+        # keep referrer data off
+        Referrer-Policy no-referrer
+
+        # prevent for appearing in search engine for private instances (option)
+        #X-Robots-Tag noindex
+    }
 }

 PROXY_HOSTNAME {

-  @ytproxy path /videoplayback* /api/v4/* /api/manifest/*
+    @ytproxy path /videoplayback* /api/v4/* /api/manifest/*

-  @optionscall {
-    method OPTIONS
-  }
-
-  header Access-Control-Allow-Origin *
-  header Access-Control-Allow-Headers *
-
-  route {
-
-    header @ytproxy {
-      Cache-Control private always
+    @optionscall {
+        method OPTIONS
    }

-    header / {
-      Cache-Control "public, max-age=604800"
+    header {
+        Access-Control-Allow-Origin *
+        Access-Control-Allow-Headers *
+  
+        # disable FLoC tracking
+        Permissions-Policy interest-cohort=()
+
+        # enable HSTS
+        Strict-Transport-Security max-age=31536000;
+
+        # keep referrer data off
+        Referrer-Policy no-referrer
+
+        # prevent for appearing in search engine for private instances (option)
+        #X-Robots-Tag noindex
    }

-    respond @optionscall 200
+    route {

-    reverse_proxy unix//var/run/ytproxy/http-proxy.sock {
-      header_up -CF-Connecting-IP
-      header_up -X-Forwarded-For
-      header_down -Access-Control-Allow-Origin
-      header_down -etag
-      header_down -alt-svc
+        header @ytproxy {
+            Cache-Control private always
+        }
+
+        header / {
+            Cache-Control "public, max-age=604800"
+        }
+
+        respond @optionscall 200
+
+        reverse_proxy unix//var/run/ytproxy/http-proxy.sock {
+            header_up -CF-Connecting-IP
+            header_up -X-Forwarded-For
+            header_down -Access-Control-Allow-Origin
+            header_down -etag
+            header_down -alt-svc
+        }
    }
-  }
 }
--- a/template/docker-compose.yml
+++ b/template/docker-compose.yml
@ -21,7 +21,7 @@ services:
            - postgres
        container_name: piped-backend
    varnish:
-        image: varnish:6.6-alpine
+        image: varnish:7.0-alpine
        restart: unless-stopped
        volumes:
            - ./config/default.vcl:/etc/varnish/default.vcl:ro