Create a H5BP boilerplate for Caddy server #180

Open
dpantel opened this issue Jan 17, 2024 · 5 comments

@dpantel

dpantel commented Jan 17, 2024

Any thoughts on making a boilerplate config for Caddy server?

In my experience, Caddy is too easy to get up and running, but in reality is very complex in the way it works with a lot of "gotchas" that are horribly documented. A curated boilerplate to harden an installation would be nice.

@LeoColomb
Member

Thanks for opening this discussion @dpantel.
I had already studied the feasibility of such a boilerplate for Caddy, but its configuration appeared to have too few parameters for an H5BP-style boilerplate.
To be clear: H5BP is not tailored to help configure host endpoints for a server, but more to match web standards globally (like MIME types, compression style, HTTP headers).
I might be wrong, but I don't think this is reasonably doable/relevant for Caddy.

What do you think?

@dpantel
Author

dpantel commented Jan 17, 2024

> but its configuration appeared to have too few parameters for an H5BP-style boilerplate.

I am not sure what this line means.

As a newer browser, I think it's possible that Caddy is better at handling HTML5-related standards. But from past experience, and by browsing the repos today, I see that you guys also provide some security/hardening recommendations.

Caddy has some of those kinds of recommendations too:

https://caddyserver.com/docs/caddyfile/directives/header#examples
https://dev.to/mariinkys/caddy-basic-configuration-193j
https://paulbradley.dev/caddyfile-web-security-headers/

There is also room for other hardening options, such as restricting access to .git/ and the like.

I think those types of options are in the H5BP wheelhouse.
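
The two hardening ideas named in the comment above (security response headers set with Caddy's `header` directive, and blocking access to `.git/` and similar paths), as an added example that is not part of the thread or of any H5BP config. The hostname, root path, blocked-path list and header values are assumptions chosen for illustration.

```caddyfile
# Added illustration; example.com and /srv/www are placeholders.
example.com {
	root * /srv/www

	# Version-control metadata and other sensitive dotfiles.
	# The list is an assumption; extend it to match what the site root holds.
	@hidden path */.git/* */.svn/* */.hg/* */.env */.ht*

	# `respond` is ordered before `file_server`, so matching requests
	# get a 404 and never reach the static file handler.
	respond @hidden 404

	header {
		# Values are conservative starting points, not H5BP recommendations.
		Strict-Transport-Security "max-age=31536000; includeSubDomains"
		X-Content-Type-Options "nosniff"
		X-Frame-Options "DENY"
		Referrer-Policy "strict-origin-when-cross-origin"
		Content-Security-Policy "default-src 'self'; frame-ancestors 'none'"
		Permissions-Policy "geolocation=(), camera=(), microphone=()"
		# A leading "-" deletes the named response header.
		-Server
	}

	encode zstd gzip
	file_server
}
```

Running `caddy validate --config Caddyfile` checks the syntax, and `curl -I https://example.com/.git/config` should return 404 with the headers above present.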

@LeoColomb
Member

Oh ok, I guess my previous investigation around that is a bit dated now! 😅
That sounds interesting.
Would you volunteer to join us building this boilerplate?

@roblarsen Would it be possible to create a new repository named server-configs-caddy (and its related team)? Maybe private for now.

@dpantel
Author

dpantel commented Jan 19, 2024

I am not opposed to helping, but my knowledge in this arena is pretty limited. That’s why I wanted you to build a boilerplate in the first place :)

LeoColomb changed the title from "Caddy?" to "Create a H5BP boilerplate for Caddy server" on Jan 19, 2024

@dpantel
Author

dpantel commented Jan 31, 2024

I let the invitation expire, sorry
