Following my previous post about Nextcloud’s Caddyfile configuration in Caddy v2, here is my (semi-opinionated) complete Caddyfile configuration for Roundcube (Docker PHP-FPM), with the .htaccess rules and explanations:
```
mail.example.com {
    encode zstd gzip
    root * /var/www/roundcube # Notice the root directory is not /var/www/html; I've mounted this one in Docker

    header {
        Strict-Transport-Security max-age=31536000
        Permissions-Policy interest-cohort=()
        X-Content-Type-Options nosniff
        X-Frame-Options SAMEORIGIN
        Referrer-Policy no-referrer-when-downgrade
        X-XSS-Protection "1; mode=block"
        X-Robots-Tag "noindex, nofollow"
        -X-Powered-By
    }

    # From .htaccess: deny access to sensitive files and directories
    @forbidden {
        path /SQL/* /bin/* /config/* /logs/* /temp/* /tests/* /vendor/*
        path /program/include/* /program/lib/* /program/localization/* /program/steps/*
        path /.* /README.* /CHANGELOG.* /SECURITY.* /meta.json /composer.* /INSTALL /LICENSE /UPGRADING
        not path /.well-known/*
    }
    error @forbidden 404

    # Enable cache-busting for versioned assets
    @immutable {
        path *.ico *.css *.js *.gif *.webp *.avif *.jpg *.jpeg *.png *.svg *.woff *.woff2
        query s=*
    }
    header @immutable Cache-Control "max-age=15778463, immutable"

    # Set cache for normal static files
    @cache {
        path *.ico *.css *.js *.gif *.webp *.avif *.jpg *.jpeg *.png *.svg *.woff *.woff2
        not query s=*
    }
    header @cache Cache-Control "max-age=15778463"

    # To use PHP-FPM's TCP socket instead, replace unix//... with :9000
    php_fastcgi unix//run/roundcube/roundcube.sock {
        # This is needed because inside the container the root directory is
        # different from the one I put in the "root" directive of this Caddyfile.
        # If you don't change this, php-fpm will not be able to find the files to process.
        root /var/www/html
    }

    file_server
}
```
I will try to keep it updated with upstream .htaccess. Feel free to correct/improve this configuration if needed.
I hope it is useful for somebody.
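One way to confirm after deployment that the `@forbidden` rules really answer 404 (an added example, not part of the original post). The probe file names are constructed, which is fine because the matcher works on the request path and the file need not exist; the `FETCH` override is a hypothetical hook for stubbing the HTTP call.

```sh
#!/bin/sh
# Added example: probe one path per @forbidden pattern and expect HTTP 404.
# Probe file names below are constructed for illustration.
DENIED="/SQL/probe.sql /bin/probe.sh /config/config.inc.php /logs/errors.log
/temp/probe /tests/probe /vendor/autoload.php /program/include/probe.php
/program/lib/probe /program/localization/probe /program/steps/probe
/.htaccess /.git/config /README.md /CHANGELOG.md /SECURITY.md /meta.json
/composer.json /composer.lock /INSTALL /LICENSE /UPGRADING"

# Print the HTTP status code for a URL (000 when the connection fails).
http_status() {
    curl -s -o /dev/null --max-time 10 -w '%{http_code}' "$1"
}

# check_forbidden BASE_URL
# Returns 0 if every denied path answers 404, 1 if any path leaks,
# 2 if the front page itself is 404 (the result would be meaningless).
check_forbidden() {
    base=$1
    fails=0
    fetch=${FETCH:-http_status}   # hypothetical override, used for stubbing
    if [ "$($fetch "$base/")" = 404 ]; then
        echo "FAIL / -> 404 (site is not being served)"
        return 2
    fi
    for p in $DENIED; do
        code=$($fetch "$base$p")
        if [ "$code" != 404 ]; then
            echo "FAIL $p -> $code"
            fails=$((fails + 1))
        fi
    done
    [ "$fails" -eq 0 ]
}

# Usage: sh check.sh https://mail.example.com
if [ $# -gt 0 ]; then
    check_forbidden "$1" && echo "all denied paths return 404"
fi
```

Run it again whenever the upstream .htaccess changes and the matcher is updated, adding one probe per new pattern.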