1. Caddy version (caddy version
):
:latest
2. How I run Caddy:
docker-compose
a. System environment:
Ubuntu
b. Command:
sudo docker-compose up
c. Service/unit/compose file:
version: "3.8"
services:
caddy:
container_name: caddy
image: caddy:latest
restart: always
environment:
- PUID=1000
- PGID=1000
- GHOST=domain.com
security_opt:
- no-new-privileges:true
volumes:
- ./caddy/Caddyfile:/etc/caddy/Caddyfile
- ./caddy/caddy_data:/data
- ./caddy/caddy_config:/config
ports:
- “80:80”
- “443:443”
paste full file contents here
d. My complete Caddyfile or JSON config:
# GLOBAL
{
# Global options block. Entirely optional, https is on by default
# Optional email key for lets encrypt
email email@com
# Optional staging lets encrypt for testing. Comment out for production.
acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
}
# SECURITY CONFIG
respond /forbidden "Access denied" 403 {
close
}
# deny all access to these folders
@denied_folders {
path_regexp /(.github|cache|bin|logs|backups|tests|content|core)/.*$
}
rewrite @denied_folders /forbidden
# deny running scripts inside core system folders
@denied_system_scripts {
path_regexp /(core|content|test|system|vendor)/.*\.(txt|xml|md|html|yaml|php|pl|py|cgi|twig|sh|bat|yml|js)$
}
rewrite @denied_system_scripts /forbidden
# deny running scripts inside user folder
@denied_user_folder {
path_regexp /user/.*\.(txt|md|yaml|php|pl|py|cgi|twig|sh|bat|yml|js)$
}
rewrite @denied_user_folder /forbidden
# deny access to specific files in the root folder
@denied_root_folder {
path_regexp /(config.production.json|config.development.json|index.js|package.json|renovate.json|yarn.lock|.editorconfig|.eslintignore|.eslintrc.json|.gitattributes|.gitignore|.gitmodules|.npmignore|Gruntfile.js|LICENSE|MigratorConfig.js|LICENSE.txt|composer.lock|composer.json|nginx.conf|web.config|htaccess.txt|\.htaccess)
}
rewrite @denied_root_folder /forbidden
# block bad crawlers
@badbots {
header User-Agent "*watch*,*explorer*,*pock*,*link*,*vacuum*,*anonym*,*mag-net*,*searchbot*,*seek*,*tool*,*robot*,*szukacz*,*snoop*,*power*,*takeout*,*teleport*,*superbot*,*scan*,*track*,*offline*,*nextgen*,*keyword*,*backweb*,*bandit*,*easydl*,*zip*,*email*,*enhancer*,*ftp*,*fetch*,*auto*,*clip*,*copier*,*master*,*reaper*,*sauger*,*quester*,*whack*,*craftbot*,*download*,*extract*,*stripper*,*sucker*,*ninja*,*clshttp*,*spider*,*leacher*,*collector*,*grabber*,*webpictures*,*file*,*intel*,*loader*,*nameprotect*,*mirror*,*magnet*"
}
rewrite @badbots /forbidden
# Global rewrite
try_files {path} {path}/ /index.*
# SNIPPETS
(mustheaders) {
header {
Strict-Transport-Security "max-age=31536000; includesubdomains; preload"
Content-Security-Policy "default-src https: 'unsafe-inline' 'unsafe-eval'"
X-Content-Type-Options "nosniff"
Cache-Control "public, max-age=604800, must-revalidate"
X-Frame-Options "SAMEORIGIN"
Referrer-Policy "strict-origin-when-cross-origin"
X-Xss-Protection "1; mode=block"
Feature-Policy "accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; camera 'none'; encrypted-media 'none'; fullscreen 'self'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture *; speaker 'none'; sync-xhr 'none'; usb 'none'; vr 'none'"
Expect-CT "max-age=604800"
-Server
}
}
(offlinewebsite) {
header {
X-Robots-Tag "noindex, nofollow, noarchive, nosnippet, notranslate, noimageindex"
}
}
(onlinewebsite) {
header {
X-Robots-Tag "noarchive, notranslate"
}
}
(proxy) {
header_up X-Forwarded-Proto {scheme}
header_up X-Forwarded-For {remote}
header_up X-Real-IP {remote}
header_down X-Powered-By "the Holy Spirit"
header_down Server "CERN httpd"
}
(compression) {
encode zstd gzip
}
# STRIP WWW PREFIX
www.{$GHOST} {
redir * https://{http.request.host.labels.1}.{http.request.host.labels.0}{path} permanent
}
# WEBSITES
{$GHOST} {
import mustheaders
import offlinewebsite
reverse_proxy 10.0.0.6:2366 {
import proxy
}
log {
output file /var/log/caddy/caddy.log
format single_field common_log
}
}
3. The problem I’m having:
caddy thinks the “mustheaders” is a file not the snippet.
4. Error messages and/or full log output:
{“level”:“info”,“ts”:1612532800.0255752,“msg”:“using provided configuration”,“config_file”:"/etc/caddy/Caddyfile",“config_adapter”:“caddyfile”}
caddy | run: adapting config using caddyfile: /etc/caddy/Caddyfile:97 - Error during parsing: File to import not found: mustheaders