Error during parsing: Unknown directive 'Strict-Transport-Security


(Avinash H Duduskar) #1

Need help understanding why this caddyfile config fails.
If I remove the Header and MIME sections, it works.

Conf - https://gist.githubusercontent.com/Strykar/bc6979f2af4ff30481eed92957625ee7/raw/3851e318030b0c6b01b1acc0bac864f134b5c0e9/smokeping.conf


(Gorian) #2

The header directive has to be inside a server block directive. You can use templates to share one header config many times. See here.

for example, try this:

(defaults){
    header / {
        Strict-Transport-Security "max-age=31536000;"
        X-XSS-Protection "1; mode=block"
        X-Content-Type-Options "nosniff"
        X-Frame-Options "DENY"
        Expect-CT "enforce; max-age=3600"
        X-POP-Tag "GCP-MUM-SEA1"
        Referrer-Policy "no-referrer-when-downgrade"
        Content-Security-Policy "
        default-src 'self';
        style-src 'self' bootstrapcdn.com *.bootstrapcdn.com wrtpoona.in *.wrtpoona.in;
        script-src 'self' bootstrapcdn.com *.bootstrapcdn.com googleapis.com *.googleapis.com wrtpoona.in *.wrtpoona.in;
        font-src 'self' bootstrapcdn.com *.bootstrapcdn.com wrtpoona.in *.wrtpoona.in;
        img-src data: 'self' imgur.com *.imgur.com wrtpoona.in *.wrtpoona.in;
        form-action 'self';
        connect-src 'self' pokeapi.co wrtpoona.in *.wrtpoona.in;
        frame-ancestors 'none';
        report-uri {$CSP_REPORT_URI}
        "
    }

    mime {
        .atom application/atom+xml
        .json application/json
        .map application/json
        .topojson application/json
        .jsonld application/ld+json
        .rss application/rss+xml
        .geojson application/vnd.geo+json
        .rdf application/xml
        .xml application/xml
        .js application/javascript
        .webmanifest application/manifest+json
        .webapp application/x-web-app-manifest+json
        .appcache text/cache-manifest
        .mid audio/midi
        .midi audio/midi
        .kar audio/midi
        .aac audio/mp4
        .f4a audio/mp4
        .f4b audio/mp4
        .m4a audio/mp4
        .mp3 audio/mpeg
        .oga audio/ogg
        .ogg audio/ogg
        .opus audio/ogg
        .ra audio/x-realaudio
        .wav audio/x-wav
        .bmp image/bmp
        .gif image/gif
        .jpeg image/jpeg
        .jpg image/jpeg
        .png image/png
        .svg image/svg+xml
        .svgz image/svg+xml
        .tif image/tiff
        .tiff image/tiff
        .wbmp image/vnd.wap.wbmp
        .webp image/webp
        .jng image/x-jng
        .3gp video/3gpp
        .3gpp video/3gpp
        .f4p video/mp4
        .f4v video/mp4
        .m4v video/mp4
        .mp4 video/mp4
        .mpeg video/mpeg
        .mpg video/mpeg
        .ogv video/ogg
        .mov video/quicktime
        .webm video/webm
        .flv video/x-flv
        .mng video/x-mng
        .asf video/x-ms-asf
        .asx video/x-ms-asf
        .wmv video/x-ms-wmv
        .avi video/x-msvideo
        .cur image/x-icon
        .ico image/x-icon
        .doc application/msword
        .xls application/vnd.ms-excel
        .ppt application/vnd.ms-powerpoint
        .docx application/vnd.openxmlformats-officedocument.wordprocessingml.document
        .xlsx application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
        .pptx application/vnd.openxmlformats-officedocument.presentationml.presentation
        .woff application/font-woff
        .woff2 application/font-woff2
        .eot application/vnd.ms-fontobject
        .ttc application/x-font-ttf
        .ttf application/x-font-ttf
        .otf font/opentype
        .ear application/java-archive
        .jar application/java-archive
        .war application/java-archive
        .hqx application/mac-binhex40
        .bin application/octet-stream
        .deb application/octet-stream
        .dll application/octet-stream
        .dmg application/octet-stream
        .exe application/octet-stream
        .img application/octet-stream
        .iso application/octet-stream
        .msi application/octet-stream
        .msm application/octet-stream
        .msp application/octet-stream
        .safariextz application/octet-stream
        .pdf application/pdf
        .ai application/postscript
        .eps application/postscript
        .ps application/postscript
        .rtf application/rtf
        .kml application/vnd.google-earth.kml+xml
        .kmz application/vnd.google-earth.kmz
        .wmlc application/vnd.wap.wmlc
        .7z application/x-7z-compressed
        .bbaw application/x-bb-appworld
        .torrent application/x-bittorrent
        .crx application/x-chrome-extension
        .cco application/x-cocoa
        .jardiff application/x-java-archive-diff
        .jnlp application/x-java-jnlp-file
        .run application/x-makeself
        .oex application/x-opera-extension
        .pl application/x-perl
        .pm application/x-perl
        .pdb application/x-pilot
        .prc application/x-pilot
        .rar application/x-rar-compressed
        .rpm application/x-redhat-package-manager
        .sea application/x-sea
        .swf application/x-shockwave-flash
        .sit application/x-stuffit
        .tcl application/x-tcl
        .tk application/x-tcl
        .crt application/x-x509-ca-cert
        .der application/x-x509-ca-cert
        .pem application/x-x509-ca-cert
        .xpi application/x-xpinstall
        .xhtml application/xhtml+xml
        .xsl application/xslt+xml
        .zip application/zip
        .css text/css
        .htm text/html
        .html text/html
        .shtml text/html
        .mml text/mathml
        .txt text/plain
        .vcard text/vcard
        .vcf text/vcard
        .xloc text/vnd.rim.location.xloc
        .jad text/vnd.sun.j2me.app-descriptor
        .wml text/vnd.wap.wml
        .vtt text/vtt
        .htc text/x-component
    }
}

bom.wrtpoona.in {
    import defaults
    log stdout
    errors
    tls strykar@hotmail.com

    root /srv/http/smokeping

    fastcgi / unix:/var/run/fcgiwrap.sock {
        env SCRIPT_FILENAME /srv/http/smokeping/smokeping.fcgi.dist
    }
}

(Avinash H Duduskar) #3

Thank you, I didn’t know that, fixed!