feat(Caddyfile): improve Caddy performance

Alcides Ramos · Alcides Ramos · commit 5938da25778e · 2025-02-03T08:23:52.000+01:00
diff --git a/Dockerfile b/Dockerfile
@@ -4,7 +4,7 @@
 # STAGE: BASE-IMAGE
 #----------------------------------------------------------
 
-FROM php:8.3.12-fpm-alpine AS base-image
+FROM php:8.3.3-fpm-alpine AS base-image
 
 #----------------------------------------------------------
 # STAGE: COMMON
diff --git a/Makefile b/Makefile
@@ -249,6 +249,4 @@ open-website: ## Application: open the application website
 	$(call taskDone)
 
 .PHONY: init
-init: build install-caddy-certificate ## Application: initializes the application
-	$(call showInfo,"When ready just execute [ make open-website ] to visit the website with your preferred browser")
-	$(call taskDone)
+init: build install-caddy-certificate open-website ## Application: initializes the application
diff --git a/build/Caddyfile b/build/Caddyfile
@@ -1,19 +1,94 @@
+{
+    admin off
+}
+
 (common) {
-	encode zstd gzip
+    encode zstd gzip
+
     file_server
+
+    respond /healthcheck "UP" 200
 }
 
 (ssl) {
-    tls internal
+    tls {$TLS} {
+        on_demand
+    }
 }
 
-{$HOSTNAME} {
+(custom_domain) {
     import common
     import ssl
 
-    respond /healthcheck 200
+    ###
+    # Domain related
+    ###
 
-    root * /var/www/html/public
+    @strip_www {
+        header_regexp www Host ^www\.(.*)$
+    }
+    redir @strip_www https://{http.regexp.www.1}{uri}
+
+    ###
+    # Cache
+    ###
+
+    header {
+        Cache-Control "public, max-age=31536000"
+    }
+
+    @static {
+        file
+        path *.avif *.ico *.css *.js *.gz *.eot *.ttf *.otf *.gif *.webp *.avif *.jpg *.jpeg *.png *.svg *.woff *.woff2 *.pdf
+    }
+    header @static Cache-Control "max-age=31536000,public,inmutable"
+
+    @html {
+        path *.html *.htm
+    }
+    header @html {
+        Cache-Control "public, max-age=43200"
+    }
+
+    ###
+    # Security
+    ###
+
+    header {
+        Strict-Transport-Security "max-age=31536000;includeSubDomains;preload"
+        X-Frame-Options "SAMEORIGIN"
+        X-Xss-Protection "1;mode=block"
+        Referrer-Policy "no-referrer-when-downgrade"
+        X-Content-Type-Options "nosniff"
+        Permissions-Policy "autoplay=(self),camera=(),geolocation=(),microphone=(),payment=(),usb=()"
+
+        # Review
+        #?Content-Security-Policy "default-src 'self';script-src 'self';style-src 'self'"
+    }
+
+    @requestMethodsList {
+        not method GET HEAD POST OPTIONS
+    }
+    respond @requestMethodsList "Not Allowed" 405 {
+        close
+    }
+
+    ###
+    # 404
+    ###
+
+    @static_404 {
+        path_regexp \.(jpg|jpeg|png|webp|gif|avif|ico|svg|css|js|gz|eot|ttf|otf|woff|woff2|pdf)$
+        not file
+    }
+
+    respond @static_404 "Not Found" 404 {
+        close
+    }
+
+    ###
+    # PHP-FPM
+    ###
 
     php_fastcgi {$PHP_FPM_GATEWAYS} {
         index index.php
@@ -23,3 +98,13 @@
         lb_policy round_robin
     }
 }
+
+:80 {
+    import common
+    import ssl
+}
+
+{$HOSTNAME}, www.{$HOSTNAME} {
+    import custom_domain
+    root * /var/www/html/public
+}
diff --git a/docker-compose.override.prod.yml b/docker-compose.override.prod.yml
@@ -1,6 +1,8 @@
 services:
     caddy:
         environment:
+            - TLS=internal
+            - HOSTNAME=localhost
             - PHP_FPM_GATEWAYS=app1:9000 app2:9000
         depends_on:
             app1:
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -8,6 +8,7 @@ services:
         image: caddy:2.8.4-alpine
         restart: unless-stopped
         environment:
+            - TLS=internal
             - HOSTNAME=localhost
             - PHP_FPM_GATEWAYS=app1:9000
         volumes:
