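# {{ ansible_managed }}
#
# Caddy site template for headscale: terminates TLS for the base domain,
# sends /web* to the headscale UI and everything else to the headscale server.
{
	# acme_dns njalla < place here caddy.njalla_api_token if needed later >

	# NOTE(review): confirm the ACME CA in use issues certificates for ed25519
	# keys; if it does not, certificate issuance for the site will fail.
	key_type ed25519

	# Default logger: JSON on stdout, limited to the access-log and admin-API loggers.
	# NOTE(review): no `log` directive is visible in the site block below, so
	# http.log.access may stay empty for this site - confirm request logging is
	# enabled if these logs feed detection or incident response.
	log default {
		output stdout
		format json
		include http.log.access admin.api
	}
}

https://{{ headscale.dns.base_domain }} {
	reverse_proxy /web* https://{{ headscale.ui.listen_url }}

	reverse_proxy * https://{{ headscale.listen_addr }} {
		transport http {
			# SECURITY: this disables verification of the upstream certificate, so
			# the proxy-to-headscale hop is encrypted but not authenticated. That is
			# only tolerable when the upstream is on loopback or an otherwise trusted
			# segment. Prefer pinning the upstream CA instead, e.g.
			# `tls_trusted_ca_certs <PATH_TO_UPSTREAM_CA_PEM>` (or `tls_trust_pool`
			# on newer Caddy releases), together with `tls_server_name` if the
			# certificate name differs from the listen address.
			tls_insecure_skip_verify
		}
	}

	# headers
	# Applied to the web UI only; API responses under other paths do not get them.
	header /web* {
		# frame-ancestors 'none' in the CSP below takes precedence over this header
		# in browsers that support it, so framing is effectively denied outright.
		x-frame-options "sameorigin"
		x-content-type-options "nosniff"
		# Legacy header; current browsers ignore it. The CSP is the real control.
		x-xss-protection "1; mode=block"
		# NOTE(review): the quoted value spans several lines. Check the served
		# response over both HTTP/1.1 and HTTP/2 (e.g. `curl -sI`) to confirm the
		# header is emitted as intended.
		content-security-policy "
			upgrade-insecure-requests;
			default-src 'self';
			style-src 'self';
			script-src 'self' {{ headscale.server_url }};
			font-src 'self';
			img-src data: 'self';
			form-action 'self';
			connect-src 'self';
			frame-ancestors 'none';
		"
		cross-origin-opener-policy "same-origin"
		permissions-policy "geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()"
		# Fallback list is comma-separated: a browser applies the last policy it
		# recognises. A ';' separator makes the whole value invalid, so the header
		# would be ignored.
		referrer-policy "no-referrer, strict-origin-when-cross-origin"
	}
}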