Create a H5BP boilerplate for Caddy server
dpantel opened this issue · 5 comments
Any thoughts on making a boilerplate config for Caddy server?
In my experience, Caddy is too easy to get up and running, but in reality is very complex in the way it works with a lot of "gotchas" that are horribly documented. A curated boilerplate to harden an installation would be nice.
Thanks for opening this discussion @dpantel.
I had already studied the feasibility of such a boilerplate for Caddy, but its configuration appeared to have too few parameters for an H5BP-style boilerplate.
To be clear: H5BP is not tailored to help to configure host endpoints for a server, but more to match web standards globally (like MIME-types, compression style, HTTP headers).
I might be wrong, but I don't think this is reasonably doable/relevant for Caddy.
What do you think?
> but its configuration appeared to have too few parameters for an H5BP-style boilerplate.
I am not sure what this line means.
As a newer browser, I think it's possible that Caddy is better at handling HTML5-related standards. But from past experience, and by browsing the repos today, I see that you guys also provide some security/hardening recommendations.
Caddy has some of those kinds of recommendations too:
https://caddyserver.com/docs/caddyfile/directives/header#examples
https://dev.to/mariinkys/caddy-basic-configuration-193j
https://paulbradley.dev/caddyfile-web-security-headers/
There is also room for other hardening options, such as restricting access to .git/ and the like.
I think those types of options are in the H5BP wheelhouse.
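For reference, the two kinds of hardening mentioned in the comment above (response security headers and denying access to `.git/`) can be combined in one Caddy v2 site block. This is an added example, not configuration posted by anyone in this thread or published by H5BP; the hostname, web root and header values are placeholders chosen for illustration.

```caddyfile
# Added example. example.com and /srv/www are placeholders.
example.com {
	root * /srv/www

	# Deny requests for version-control metadata anywhere in the tree.
	# A path pattern with * at both ends matches .git/ at any depth.
	@vcs path */.git/* /.git
	respond @vcs 404

	# Baseline security headers; values are illustrative and should be
	# adjusted to the site (a CSP in particular is application-specific).
	header {
		Strict-Transport-Security "max-age=31536000; includeSubDomains"
		X-Content-Type-Options "nosniff"
		X-Frame-Options "DENY"
		Referrer-Policy "strict-origin-when-cross-origin"
		# Do not advertise the server software.
		-Server
	}

	encode zstd gzip
	file_server
}
```

Running `caddy validate` against the file and requesting `/.git/config` with `curl -I` confirms the 404 and the header set before deployment.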
Oh ok, I guess my previous investigation around that is a bit dated now! 😅
That sounds interesting.
Would you volunteer to join us building this boilerplate?
@roblarsen Would it be possible to create a new repository named server-configs-caddy (and its related team)? Maybe private for now.
I am not opposed to helping, but my knowledge in this arena is pretty limited. That’s why I wanted you to build a boilerplate in the first place :)
I let the invitation expire, sorry