12
12
13
13
# configure plugin order
14
14
# https://caddyserver.com/docs/caddyfile/directives#directive-order
15
- order gitpod.cors_origin before header
16
- order gitpod.workspace_download before redir
17
- order gitpod.headless_log_download before rewrite
18
- order gitpod.configcat before rewrite
19
- order gitpod.sec_websocket_key before header
15
+ order gitpod.cors_origin before header
16
+ order gitpod.workspace_download before redir
17
+ order gitpod.headless_log_download before rewrite
18
+ order gitpod.configcat before rewrite
19
+ order gitpod.sec_websocket_key before header
20
20
21
21
servers {
22
- protocols h1 h2 h2c
23
- }
22
+ protocols h1 h2 h2c
23
+ }
24
24
}
25
25
26
26
(compression) {
31
31
(security_headers) {
32
32
header {
33
33
# enable HSTS
34
- Strict-Transport-Security max-age=31536000
34
+ Strict-Transport-Security max-age=31536000
35
35
# disable clients from sniffing the media type
36
- X-Content-Type-Options nosniff
36
+ X-Content-Type-Options nosniff
37
37
# Define valid parents that may embed a page
38
- Content-Security-Policy "frame-ancestors 'self' https://*.{$GITPOD_DOMAIN} https://{$GITPOD_DOMAIN}"
38
+ Content-Security-Policy "frame-ancestors 'self' https://*.{$GITPOD_DOMAIN} https://{$GITPOD_DOMAIN}"
39
39
# keep referrer data off of HTTP connections
40
- Referrer-Policy no-referrer-when-downgrade
40
+ Referrer-Policy no-referrer-when-downgrade
41
41
# Enable cross-site filter (XSS) and tell browser to block detected attacks
42
- X-XSS-Protection "1; mode=block"
42
+ X-XSS-Protection "1; mode=block"
43
43
44
44
defer # delay changes
45
45
}
143
143
144
144
# public-api
145
145
api .{$GITPOD_DOMAIN} {
146
- log {
147
- level DEBUG
148
- output stdout
149
- }
146
+ log {
147
+ level DEBUG
148
+ output stdout
149
+ }
150
150
151
151
gitpod .cors_origin {
152
152
allowed_origins https:// {$GITPOD_DOMAIN}
@@ -155,7 +155,6 @@ api.{$GITPOD_DOMAIN} {
155
155
reverse_proxy public-api-server.{$KUBE_NAMESPACE} .{$KUBE_DOMAIN} :9002
156
156
}
157
157
158
-
159
158
# always redirect to HTTPS
160
159
http :// {
161
160
redir https:// {host}{uri} permanent
@@ -206,15 +205,15 @@ https://{$GITPOD_DOMAIN} {
206
205
}
207
206
208
207
@backend_wss {
209
- path /api/gitpod
208
+ path /api/gitpod
210
209
}
211
210
handle @backend_wss {
212
- gitpod .sec_websocket_key
211
+ gitpod .sec_websocket_key
213
212
214
- uri strip_prefix /api
215
- reverse_proxy server.{$KUBE_NAMESPACE} .{$KUBE_DOMAIN} :3000 {
216
- import upstream_headers
217
- }
213
+ uri strip_prefix /api
214
+ reverse_proxy server.{$KUBE_NAMESPACE} .{$KUBE_DOMAIN} :3000 {
215
+ import upstream_headers
216
+ }
218
217
}
219
218
220
219
@backend path /api/* /headless-logs/*
@@ -309,7 +308,7 @@ https://*.*.{$GITPOD_DOMAIN} {
309
308
import workspace_transport
310
309
import upstream_headers
311
310
312
- header_up X-WSProxy-Host {http.request.host}
311
+ header_up X-WSProxy-Host {http.request.host}
313
312
}
314
313
}
315
314
@@ -320,19 +319,19 @@ https://*.*.{$GITPOD_DOMAIN} {
320
319
import upstream_headers
321
320
322
321
header_up X-Gitpod-WorkspaceId {re.host.workspaceID}
323
- header_up X-Gitpod-Port {re.host.workspacePort}
324
- header_up X-WSProxy-Host {http.request.host}
322
+ header_up X-Gitpod-Port {re.host.workspacePort}
323
+ header_up X-WSProxy-Host {http.request.host}
325
324
}
326
325
}
327
326
328
- @workspace header_regexp host Host ^(?P<workspaceID>[a-z0-9][0-9a-z\-]+).ws(?P<location>-[a-z0-9]+)?.{$GITPOD_DOMAIN}
327
+ @workspace header_regexp host Host ^(?P<workspaceID>[a-z0-9][0-9a-z\-]+).ws(?P<location>-[a-z0-9]+)?.{$GITPOD_DOMAIN}
329
328
handle @workspace {
330
329
reverse_proxy https://ws-proxy. {$KUBE_NAMESPACE} .{$KUBE_DOMAIN} :9090 {
331
330
import workspace_transport
332
331
import upstream_headers
333
332
334
333
header_up X-Gitpod-WorkspaceId {re.host.workspaceID}
335
- header_up X-WSProxy-Host {http.request.host}
334
+ header_up X-WSProxy-Host {http.request.host}
336
335
}
337
336
}
338
337