Config policies (16 files): alert_routing, architecture_pressure, backlog, cost_weights, data_governance, incident_escalation, incident_intelligence, network_allowlist, nodes_registry, observability_sources, rbac_tools_matrix, release_gate, risk_attribution, risk_policy, slo_policy, tool_limits, tools_rollout

Ops (22 files): Caddyfile, calendar compose, grafana voice dashboard, deployments/incidents logs, runbooks for alerts/audit/backlog/incidents/sofiia/voice, cron jobs, scripts (alert_triage, audit_cleanup, migrate_*, governance, schedule), task_registry, voice alerts/ha/latency/policy

Docs (30+ files): HUMANIZED_STEPAN v2.7-v3 changelogs and runbooks, NODA1/NODA2 status and setup, audit index and traces, backlog, incident, supervisor, tools, voice, opencode, release, risk, aistalk, spacebot

Made-with: Cursor
39 lines
927 B
Caddyfile
# Caddyfile for Radicale CalDAV Server

# Global options
{
	email {$CADDY_ACME_EMAIL:admin@daarion.space}
	# Disabled: the global on_demand_tls option requires a block (for example
	# an `ask` endpoint), and no site below enables on-demand TLS.
	# on_demand_tls
}

# HTTP to HTTPS redirect
http:// {
	redir https://{host}{uri} 308
}

# CalDAV HTTPS endpoint
https://caldav.daarion.space {
	# Reverse proxy to Radicale
	reverse_proxy radicale:5232

	# Security headers
	header {
		X-Frame-Options "SAMEORIGIN"
		X-Content-Type-Options "nosniff"
		X-XSS-Protection "1; mode=block"
		Referrer-Policy "strict-origin-when-cross-origin"
		Content-Security-Policy "default-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'"
	}

	# Basic auth for Radicale
	# CADDY_BASIC_AUTH is expected to expand to "<username> <password-hash>"
	basic_auth {
		{$CADDY_BASIC_AUTH}
	}

	# TLS settings
	tls {
		min_version tls1.2
		# cipher_suites only affects TLS 1.2; both suites listed need an RSA certificate key
		cipher_suites TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	}
}