54 lines
1.7 KiB
Django/Jinja
54 lines
1.7 KiB
Django/Jinja
intranet.ludikevent.fr, signature.ludikevent.fr, reservation.ludikevent.fr {
|
|
tls {
|
|
dns cloudflare KL6pZ-Z_12_zbnM2TtFDIsKM8A-HLPhU5GJJbKTW
|
|
}
|
|
|
|
root * {{ path }}/public
|
|
file_server
|
|
|
|
request_body {
|
|
max_size 100MB
|
|
}
|
|
|
|
# --- NO-INDEX MATCHER ---
|
|
@noindex_hosts host intranet.ludikevent.fr signature.ludikevent.fr
|
|
header @noindex_hosts X-Robots-Tag "noindex, nofollow"
|
|
|
|
@index_host host reservation.ludikevent.fr
|
|
header @index_host -X-Robots-Tag
|
|
|
|
handle_path /utm_reserve.js {
|
|
redir https://tools-security.esy-web.dev/script.js
|
|
}
|
|
handle_path /ts.js {
|
|
redir https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js
|
|
}
|
|
# --- BLOC HEADER AVEC CSP ---
|
|
header {
|
|
X-Content-Type-Options "nosniff"
|
|
X-Frame-Options "DENY"
|
|
Referrer-Policy "strict-origin-when-cross-origin"
|
|
|
|
# Injection des headers Cloudflare pour PHP
|
|
# Cela permet à PHP de les lire via $_SERVER['HTTP_CF_CONNECTING_IP'] etc.
|
|
CF-Connecting-IP {header.CF-Connecting-IP}
|
|
CF-IPCountry {header.CF-IPCountry}
|
|
CF-RegionCode {header.CF-RegionCode}
|
|
CF-IPCity {header.CF-IPCity}
|
|
X-Real-IP {remote_host}
|
|
}
|
|
handle_path /assets/* {
|
|
rewrite * /build{path}
|
|
}
|
|
# --- PHP FASTCGI ---
|
|
# Ici, Caddy transmet automatiquement tous les headers définis ci-dessus au socket PHP
|
|
php_fastcgi unix//run/php/php8.4-fpm.sock {
|
|
read_timeout 300s
|
|
write_timeout 300s
|
|
dial_timeout 100s
|
|
|
|
# Optionnel : Forcer explicitement certains paramètres FastCGI si nécessaire
|
|
env REMOTE_ADDR {header.CF-Connecting-IP}
|
|
}
|
|
}
|