Caddy Webserver

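t322.demolah.com {
	# Document root is Laravel's public/ directory, so nothing above it
	# (.env, storage/, vendor/, app/) is reachable through file_server.
	root * /var/www/t322/public

	# Laravel front-controller routing: a request whose path is not an
	# existing file under root is rewritten to /index.php. php_fastcgi already
	# performs its own try_files to index.php, so the explicit matcher is
	# redundant but harmless; kept for readability.
	handle {
		@notStatic {
			not file
		}
		rewrite @notStatic /index.php
		php_fastcgi unix//run/php/php8.4-fpm.sock
		file_server
		# NOTE(review): compressing dynamic HTML that carries a per-session
		# secret (Laravel's CSRF token) next to attacker-reflected input is the
		# BREACH precondition; confirm this is acceptable before relying on
		# zstd/gzip for PHP responses as well as static assets.
		encode zstd gzip
	}

	# Response security headers. Caddy defers a header block that contains a
	# delete op (-Server) until the response is written, so these are applied
	# to PHP-FPM responses too, not only to static files.
	header {
		# Clickjacking: only same-origin documents may frame this site.
		X-Frame-Options "SAMEORIGIN"
		# The legacy XSS auditor is gone from current browsers and, where it
		# still exists, "1; mode=block" has been abused for cross-site leaks;
		# OWASP guidance is to disable it explicitly and rely on CSP instead.
		X-XSS-Protection "0"
		# Stop MIME sniffing of responses into scripts/styles.
		X-Content-Type-Options "nosniff"
		# HSTS for 2 years. includeSubDomains binds every *.t322.demolah.com
		# host to HTTPS; `preload` is only honoured by the browser preload
		# list when submitted for the registrable domain and is hard to undo,
		# so drop it unless that submission is actually planned.
		Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
		# no-referrer-when-downgrade still sends the full URL (path + query)
		# to cross-origin HTTPS destinations. Prefer the commented alternative
		# (the modern browser default) if URLs can carry anything sensitive.
		Referrer-Policy no-referrer-when-downgrade
		# Referrer-Policy "strict-origin-when-cross-origin"
		# Content Security Policy. NOTE(review): 'unsafe-inline' and
		# 'unsafe-eval' in script-src let any injected <script> execute, so
		# this policy does not mitigate XSS; it only limits where external
		# scripts may be loaded from. Tighten with nonces/hashes once the
		# app's inline scripts are enumerated. img-src * permits images from
		# any origin.
		Content-Security-Policy "default-src 'self'; img-src * data:; font-src 'self' https://t322.demolah.com https://fonts.gstatic.com data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval';"
		# Opt out of FLoC/interest-cohort tracking.
		Permissions-Policy "interest-cohort=()"
		# Drop Caddy's default `Server: Caddy` header (cosmetic, not a control).
		-Server
	}

	# Long-lived immutable caching for build assets. NOTE(review): this is
	# only safe for content-hashed filenames (Laravel/Vite build output); an
	# unhashed .js/.css edited in place stays stale in browsers for up to a
	# year.
	@staticFiles {
		path *.js *.css *.png *.jpg *.jpeg *.gif *.svg *.woff2 *.woff *.ttf *.eot
	}
	header @staticFiles {
		Cache-Control "public, max-age=31536000, immutable"
	}

	# Access log in JSON, rolled at 10 MB, keeping 5 files for at most 30 days
	# (720h). NOTE(review): if Cloudflare proxies this host, the logged remote
	# address is Cloudflare's edge; add a global `servers { trusted_proxies
	# ... }` block listing Cloudflare's ranges so the real client IP is taken
	# from X-Forwarded-For.
	log {
		output file /var/log/caddy/t322.demolah.com.access.log {
			roll_size 10mb
			roll_keep 5
			roll_keep_for 720h
		}
		format json
	}
}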
 ## Tips 
 Tetapan Cloudflare berikut hanya perlu diubah kalau domain ini diproksi melalui Cloudflare (orange cloud). Kalau rekod DNS hanya "DNS only" (grey cloud), trafik terus ke Caddy dan tiada apa yang perlu diubah. 
 ### ssl/tls 
 
 Dalam SSL/TLS → Overview, pilih mod "Full (strict)": Cloudflare akan menyambung ke origin melalui HTTPS dan mengesahkan sijil Caddy (sijil Let's Encrypt automatik Caddy memenuhi syarat ini). Jangan guna "Flexible" — Cloudflare akan menyambung ke origin melalui HTTP, Caddy mengalihkannya ke HTTPS, dan hasilnya gelung redirect. 
 
 ### edge  
 
 Dalam SSL/TLS → Edge Certificates, matikan "Always Use HTTPS" dan "Automatic HTTPS Rewrites". Kedua-duanya tidak diperlukan kerana Caddy sudah menguruskan redirect HTTP→HTTPS dan HSTS sendiri (lihat header Strict-Transport-Security di atas). Lebih penting, cabaran ACME HTTP-01 Caddy mesti sampai ke origin melalui HTTP biasa pada port 80; kalau Cloudflare memaksa HTTPS, permintaan pengesahan dialihkan sebelum sampai ke Caddy dan sijil tidak dapat dikeluarkan. 