Caddy v2 configuration: Roundcube Docker PHP-FPM with rules from .htaccess

Following my previous post about Nextcloud’s Caddyfile configuration in Caddy v2, here is my (semi-opinionated) complete Caddyfile configuration for Roundcube (Docker PHP-FPM), with the .htaccess rules and explanations:

```
# webmail.example.com is a placeholder site address; use your own
webmail.example.com {
	encode zstd gzip
	root * /var/www/roundcube # Notice the root directory is not /var/www/html; I've mounted this one in Docker

	header {
		Strict-Transport-Security max-age=31536000
		Permissions-Policy interest-cohort=()
		X-Content-Type-Options nosniff
		X-Frame-Options SAMEORIGIN
		Referrer-Policy no-referrer-when-downgrade
		X-XSS-Protection "1; mode=block"
		X-Robots-Tag "noindex, nofollow"
	}

	# From .htaccess: deny access to sensitive files and directories
	@forbidden {
		path /SQL/* /bin/* /config/* /logs/* /temp/* /tests/* /vendor/*
		path /program/include/* /program/lib/* /program/localization/* /program/steps/*
		path /.* /README.* /CHANGELOG.* /SECURITY.* /meta.json /composer.* /INSTALL /LICENSE /UPGRADING
		not path /.well-known/*
	}
	error @forbidden 404

	# Enable cache-busting for versioned assets
	@immutable {
		path *.ico *.css *.js *.gif *.webp *.avif *.jpg *.jpeg *.png *.svg *.woff *.woff2
		query s=*
	}
	header @immutable Cache-Control "max-age=15778463, immutable"

	# Set cache for normal static files
	@cache {
		path *.ico *.css *.js *.gif *.webp *.avif *.jpg *.jpeg *.png *.svg *.woff *.woff2
		not query s=*
	}
	header @cache Cache-Control "max-age=15778463"

	# To use PHP-FPM's TCP socket instead, replace unix//... with :9000
	php_fastcgi unix//run/roundcube/roundcube.sock {
		# This is needed because inside the container the root directory is different
		# from the one I put in the "root" directive of this Caddyfile. If you don't
		# change this, php-fpm will not be able to find the files to process.
		root /var/www/html
	}

	# Serve static files from the root set above (php_fastcgi only handles PHP requests)
	file_server
}
```

I will try to keep it updated with upstream .htaccess. Feel free to correct/improve this configuration if needed.

I hope it is useful for somebody.
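
As an added example (not part of the original post and not Caddy's own code), the following Python sketch models the `@forbidden` matcher offline so the deny list can be checked against request paths before deploying. It assumes Caddy's documented path-matcher behaviour (case-insensitive, a single trailing or leading `*` is a prefix or suffix match); the function names and sample paths are constructed for illustration.

```python
# Added example: offline model of the @forbidden matcher (not Caddy's own code).
# Patterns are copied from the Caddyfile above; request paths are constructed.
FORBIDDEN = """
/SQL/* /bin/* /config/* /logs/* /temp/* /tests/* /vendor/*
/program/include/* /program/lib/* /program/localization/* /program/steps/*
/.* /README.* /CHANGELOG.* /SECURITY.* /meta.json /composer.* /INSTALL /LICENSE /UPGRADING
""".split()
EXCEPT = ["/.well-known/*"]  # the "not path" line


def path_match(pattern: str, path: str) -> bool:
    """Assumed semantics: case-insensitive; one trailing/leading '*' is a
    prefix/suffix match; anything else is an exact match (no mid-pattern globs
    occur in this config, so they are not modelled)."""
    pattern, path = pattern.lower(), path.lower()
    if pattern.count("*") == 1 and pattern.endswith("*"):
        return path.startswith(pattern[:-1])
    if pattern.count("*") == 1 and pattern.startswith("*"):
        return path.endswith(pattern[1:])
    return path == pattern


def is_forbidden(path: str) -> bool:
    """The `path` lines are OR'ed together; `not path` is AND'ed on top."""
    hit = any(path_match(p, path) for p in FORBIDDEN)
    return hit and not any(path_match(p, path) for p in EXCEPT)


# Constructed request path -> should the config answer 404?
SAMPLES = {
    "/": False,
    "/program/js/app.min.js": False,
    "/.well-known/acme-challenge/token": False,
    "/config/config.inc.php": True,
    "/logs/errors.log": True,
    "/LOGS/errors.log": True,              # matching is case-insensitive
    "/.git/config": True,
    "/README.md": True,
    "/plugins/example/.gitignore": False,  # "/.*" only matches at the root
}


def audit() -> dict:
    return {p: is_forbidden(p) for p in SAMPLES}


if __name__ == "__main__":
    for path, denied in audit().items():
        print(f"{'404' if denied else 'ok':<4}{path}")
```

The last sample shows that `/.*` only covers dotfiles at the web root, so a dotfile deeper in the tree is not matched by `@forbidden`.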