mirror of
https://github.com/searxng/searxng-docker.git
synced 2025-02-17 02:40:04 +00:00
Since this header is attached to each outgoing request the overall size is slightly increased by 300 bytes, we don't care if the site is allowed to play media in the background, so with the vast majority of features that have been added (and those that were already present)
Caddyfile
# Global options block: settings for the whole Caddy instance rather than one site.
{
	# Disable Caddy's admin API endpoint so no configuration interface is exposed.
	admin off

	log {
		output stderr
		# Rewrite log fields before they are written, so entries do not carry
		# full client addresses, request headers or the listed query parameters.
		format filter {
			# Preserves first 8 bits from IPv4 and 32 bits from IPv6
			request>remote_ip ip_mask 8 32
			request>client_ip ip_mask 8 32

			# Remove identifiable information
			request>remote_port delete
			request>headers delete
			# Only these three query parameters are removed from the logged URI;
			# the path and any other parameter are still written.
			# NOTE(review): presumably `q` is the search query and `url`/`h` belong
			# to /image_proxy; confirm against the SearXNG routes in use.
			request>uri query {
				delete url
				delete h
				delete q
			}
		}
	}
}

# Site address, read from SEARXNG_HOSTNAME; falls back to http://localhost when unset.
# NOTE(review): the fallback is a plain-HTTP site, so a deployment that is reachable
# from other hosts should always set SEARXNG_HOSTNAME.
{$SEARXNG_HOSTNAME:http://localhost}

# TLS setting, read from SEARXNG_TLS; falls back to `internal`, i.e. a certificate
# issued by Caddy's own local CA, which clients do not trust unless that CA is installed.
tls {$SEARXNG_TLS:internal}

# Named matchers, referenced by the header directives further down in this file.

# Endpoints that receive the permissive CORS headers (see `header @api`).
# Anything added here becomes readable cross-origin, so keep the list to
# endpoints that return no per-user data.
@api {
	path /config
	path /healthz
	path /stats/errors
	path /stats/checker
}

# Static assets; used to give them a long-lived Cache-Control.
@static {
	path /static/*
}

# Image proxy endpoint; used to give it its own, narrower Content-Security-Policy.
@imageproxy {
	path /image_proxy
}

# Response headers set on every response from this site.
header {
	# Force clients to use HTTPS
	# max-age is one year in seconds; without includeSubDomains the policy
	# covers this host name only.
	Strict-Transport-Security "max-age=31536000"

	# Prevent MIME type sniffing from the declared Content-Type
	X-Content-Type-Options "nosniff"

	# Disable some browser features
	# An empty allowlist `()` denies the feature to this page and to any frame it embeds.
	Permissions-Policy "accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()"

	# Set referrer policy
	# No Referer header is sent when a user follows a result link.
	Referrer-Policy "no-referrer"

	# X-Robots-Tag (comment to allow site indexing)
	X-Robots-Tag "noindex, noarchive, nofollow"

	# Remove "Server" header
	-Server
}

# CORS for the @api endpoints only: any origin may read them with GET/OPTIONS.
# No Access-Control-Allow-Credentials is set here.
# NOTE(review): the wildcard origin presumably relies on these endpoints being
# public instance metadata; confirm before extending the @api matcher.
header @api {
	Access-Control-Allow-Methods "GET, OPTIONS"
	Access-Control-Allow-Origin "*"
}

# `route` keeps the directives below in the order written, so each
# matcher-specific `header` line comes after the general one for the same field.
route {
	# Caching
	# Default: nothing is cached; static assets are cacheable for one year.
	header Cache-Control "no-cache, no-store"
	header @static Cache-Control "public, max-age=31536000"

	# CSP (https://content-security-policy.com)
	# Everything is denied by default-src 'none' and re-allowed per directive.
	# Note that style-src carries 'unsafe-inline', so inline styles are not restricted,
	# while script-src is limited to 'self'. Each external origin listed (form-action,
	# connect-src, img-src, frame-src) is a third party the browser may contact.
	header Content-Security-Policy "upgrade-insecure-requests; default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self' https://github.com/searxng/searxng/issues/new; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self' https://overpass-api.de; img-src 'self' data: https://*.tile.openstreetmap.org; frame-src https://www.youtube-nocookie.com https://player.vimeo.com https://www.dailymotion.com https://www.deezer.com https://www.mixcloud.com https://w.soundcloud.com https://embed.spotify.com"
	# The image proxy returns remote content, so it gets a policy that allows images only.
	header @imageproxy Content-Security-Policy "default-src 'none'; img-src 'self' data:"
}

# SearXNG (uWSGI)
# All requests are forwarded to the backend on localhost:8080.
reverse_proxy localhost:8080 {
	header_up X-Forwarded-Port {http.request.port}
	# Set from the address of the connection Caddy accepted, replacing any
	# X-Real-IP value supplied by the client.
	# NOTE(review): if another proxy or load balancer sits in front of Caddy, this is
	# that proxy's address; confirm what the backend uses this header for (e.g. rate limiting).
	header_up X-Real-IP {http.request.remote.host}

	# https://github.com/searx/searx-docker/issues/24
	header_up Connection "close"
}