```
✨ feat(ReserverController): Ajoute vérification de disponibilité produit. 🛠️ refactor(BackupCommand): Utilise DatabaseDumper et ZipArchiver. ✨ feat(GitSyncLogCommand): Utilise Gemini pour messages plus clairs. ✨ feat(GenerateVideoThumbsCommand): Utilise VideoThumbnailer service. ✨ feat(AppWarmupImagesCommand): Utilise StorageInterface pour warmup. 🔒️ security(nelmio_security): Renforce la sécurité avec des en-têtes. 🔧 chore(caddy): Améliore la configuration de Caddy pour la performance. 🐛 fix(makefile): Corrige les commandes de test. 🧪 chore(.env.test): Supprime la ligne vide à la fin du fichier. 🔧 chore(doctrine): Active native_lazy_objects. 🔧 chore(cache): Ajoute un cache system. ```
@@ -1,4 +1,12 @@
|
||||
etl.ludikevent.fr, intranet.ludikevent.fr, signature.ludikevent.fr, reservation.ludikevent.fr {
|
||||
# Logs applicatifs
|
||||
log {
|
||||
output file {{ path }}/var/log/caddy.log
|
||||
}
|
||||
|
||||
# Compression (Gzip + Zstd) pour la performance
|
||||
encode zstd gzip
|
||||
|
||||
tls {
|
||||
dns cloudflare KL6pZ-Z_12_zbnM2TtFDIsKM8A-HLPhU5GJJbKTW
|
||||
}
|
||||
@@ -10,44 +18,47 @@ etl.ludikevent.fr, intranet.ludikevent.fr, signature.ludikevent.fr, reservation.
|
||||
max_size 100MB
|
||||
}
|
||||
|
||||
# --- NO-INDEX MATCHER ---
|
||||
# --- SÉCURITÉ & HEADERS ---
|
||||
header {
|
||||
# Headers de sécurité
|
||||
X-Content-Type-Options "nosniff"
|
||||
X-Frame-Options "DENY"
|
||||
Referrer-Policy "strict-origin-when-cross-origin"
|
||||
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
||||
|
||||
# Masquer le serveur pour plus de discrétion
|
||||
-Server
|
||||
}
|
||||
|
||||
# --- ROBOTS TAGGING ---
|
||||
@noindex_hosts host intranet.ludikevent.fr signature.ludikevent.fr
|
||||
header @noindex_hosts X-Robots-Tag "noindex, nofollow"
|
||||
|
||||
@index_host host reservation.ludikevent.fr
|
||||
header @index_host -X-Robots-Tag
|
||||
|
||||
# --- REDIRECTIONS ---
|
||||
handle_path /utm_reserve.js {
|
||||
redir https://tools-security.esy-web.dev/script.js
|
||||
redir https://tools-security.esy-web.dev/script.js permanent
|
||||
}
|
||||
handle_path /ts.js {
|
||||
redir https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js
|
||||
redir https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js permanent
|
||||
}
|
||||
# --- BLOC HEADER AVEC CSP ---
|
||||
header {
|
||||
X-Content-Type-Options "nosniff"
|
||||
X-Frame-Options "DENY"
|
||||
Referrer-Policy "strict-origin-when-cross-origin"
|
||||
|
||||
# Injection des headers Cloudflare pour PHP
|
||||
# Cela permet à PHP de les lire via $_SERVER['HTTP_CF_CONNECTING_IP'] etc.
|
||||
CF-Connecting-IP {header.CF-Connecting-IP}
|
||||
CF-IPCountry {header.CF-IPCountry}
|
||||
CF-RegionCode {header.CF-RegionCode}
|
||||
CF-IPCity {header.CF-IPCity}
|
||||
X-Real-IP {remote_host}
|
||||
}
|
||||
# --- ASSETS & CACHE ---
|
||||
# Réécriture /assets -> /build (Vite/Webpack)
|
||||
handle_path /assets/* {
|
||||
rewrite * /build{path}
|
||||
}
|
||||
|
||||
# --- PHP FASTCGI ---
|
||||
# Ici, Caddy transmet automatiquement tous les headers définis ci-dessus au socket PHP
|
||||
php_fastcgi unix//run/php/php8.4-fpm.sock {
|
||||
read_timeout 300s
|
||||
write_timeout 300s
|
||||
dial_timeout 100s
|
||||
|
||||
# Optionnel : Forcer explicitement certains paramètres FastCGI si nécessaire
|
||||
# Transmission de l'IP réelle Cloudflare à PHP
|
||||
# Les autres headers Cloudflare (CF-Ray, etc.) sont transmis automatiquement
|
||||
env REMOTE_ADDR {header.CF-Connecting-IP}
|
||||
}
|
||||
}
|
||||
|
||||
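Review bot: `env REMOTE_ADDR {header.CF-Connecting-IP}` in the `php_fastcgi` block makes PHP take the client address from a request header that nothing visible here restricts to Cloudflare, so a request that reaches the origin directly can choose its own REMOTE_ADDR (or leave it empty), which undermines IP-based logging, rate limiting and access rules in the application. Consider declaring Cloudflare's ranges with `trusted_proxies` and `client_ip_headers CF-Connecting-IP` in the global `servers` options and passing `env REMOTE_ADDR {client_ip}` instead, and firewall the origin to Cloudflare if that is not already done. The `header { … CF-Connecting-IP {header.CF-Connecting-IP} … X-Real-IP {remote_host} }` block sets response headers, not request headers, so it echoes the visitor's IP and geo data back to the client rather than exposing them to PHP; request headers already reach FastCGI as `HTTP_*`, so those lines can be dropped. Separately, the `dns cloudflare` line in the `tls` block keeps the API token as a literal in the repository; it should be read from the environment (for example `dns cloudflare {env.CLOUDFLARE_API_TOKEN}`, variable name illustrative) and the committed token rotated. The +/- markers are lost on this page, so I cannot tell which of these lines the commit introduces and which are unchanged context.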