diff --git a/03frontends.cfg b/03frontends.cfg index 3dfec3d..841bcaa 100644 --- a/03frontends.cfg +++ b/03frontends.cfg @@ -310,6 +310,7 @@ frontend frontend_default acl laminar hdr(host) -i laminar.benoit.jp.net acl linkding hdr(host) -i linkding.benoit.jp.net acl mailcow hdr(host) -i mail.benoit.jp.net + acl mailcow-backup hdr(host) -i mail-backup.benoit.jp.net acl mastodon hdr(host) -i mastodon.benoit.jp.net acl miniflux hdr(host) -i miniflux.benoit.jp.net acl navidrome hdr(host) -i navidrome.benoit.jp.net @@ -325,6 +326,7 @@ frontend frontend_default http-request deny if adguard !JP !SG !letsencrypt !allowed_ips http-request deny if kanboard !JP !SG !letsencrypt !allowed_ips http-request deny if mailcow !JP !SG !letsencrypt !allowed_ips + http-request deny if mailcow-backup !JP !SG !letsencrypt !allowed_ips http-request deny if miniflux !JP !SG !letsencrypt !allowed_ips http-request deny if navidrome !JP !SG !letsencrypt !allowed_ips http-request deny if photoprism !JP !SG !letsencrypt !allowed_ips @@ -338,6 +340,7 @@ frontend frontend_default use_backend letsencrypt if letsencrypt use_backend linkding if linkding use_backend mailcow if mailcow + use_backend mailcow-backup if mailcow-backup use_backend mastodon if mastodon use_backend miniflux if miniflux use_backend navidrome if navidrome diff --git a/05backends.cfg b/05backends.cfg index df7036b..b42c79d 100644 --- a/05backends.cfg +++ b/05backends.cfg @@ -138,6 +138,16 @@ backend mailcow http-response set-header Cross-Origin-Resource-Policy "same-origin" server mailcow mailcow.incus:80 check +backend mailcow-backup + # set HSTS for one year after all responses + http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" + # add some Security headers + http-response set-header X-Frame-Options "SAMEORIGIN" + http-response set-header X-Content-Type-Options "nosniff" + http-response set-header Referrer-Policy "strict-origin-when-cross-origin" + http-response set-header Cross-Origin-Resource-Policy "same-origin" + server mailcow-backup mxmon:80 check + backend uptime-kuma # set HSTS for one year after all responses http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"