Add mastodon

03frontends.cfg

@@ -289,14 +289,16 @@ frontend frontend_default
   http-request redirect prefix https://%[hdr(host),regsub(^www\.,,i)] code 301 if { hdr_beg(host) -i www. }
 
   acl letsencrypt path_beg /.well-known/acme-challenge/
-  
+
   acl laminar hdr(host) -i laminar.benoit.jp.net
   acl forgejo hdr(host) -i forgejo.benoit.jp.net
+  acl mastodon hdr(host) -i mastodon.benoit.jp.net
   #http-request deny if flux !JP !letsencrypt
   #http-request deny if dns !JP !SG !letsencrypt
-  
+
   use_backend letsencrypt if letsencrypt
   use_backend laminar if laminar
   use_backend forgejo if forgejo
+  use_backend mastodon if mastodon
 
   default_backend default

05backends.cfg

@@ -23,4 +23,14 @@ backend forgejo
   http-response set-header X-Content-Type-Options "nosniff"
   http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
   http-response set-header Cross-Origin-Resource-Policy "same-origin"
-  server laminar forgejo.incus:3000 check
+  server forgejo forgejo.incus:3000 check
+
+backend forgejo
+  # set HSTS for one year after all responses
+  http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+  # add some Security headers
+  http-response set-header X-Frame-Options "SAMEORIGIN"
+  http-response set-header X-Content-Type-Options "nosniff"
+  http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
+  http-response set-header Cross-Origin-Resource-Policy "same-origin"
+  server mastodon mastodon.incus:80 send-proxy check