
Create a H5BP boilerplate for Caddy server

Open dpantel opened this issue 1 year ago • 5 comments

Any thoughts on making a boilerplate config for Caddy server?

In my experience, Caddy is too easy to get up and running, but in reality is very complex in the way it works with a lot of "gotchas" that are horribly documented. A curated boilerplate to harden an installation would be nice.

dpantel avatar Jan 17 '24 16:01 dpantel

Thanks for opening this discussion @dpantel. I had already studied the feasibility of such a boilerplate for Caddy, but its configuration appeared to have too few parameters for an H5BP-style boilerplate. To be clear: H5BP is not tailored to help configure host endpoints for a server, but more to match web standards globally (like MIME-types, compression style, HTTP headers). I might be wrong, but I don't think this is reasonably doable/relevant for Caddy.

What do you think?

LeoColomb avatar Jan 17 '24 18:01 LeoColomb

> but its configuration appeared to have too few parameters for an H5BP-style boilerplate.

I am not sure what this line means.

As a newer browser, I think it's possible that Caddy is better at handling HTML5-related standards. But from past experience, and by browsing the repos today, I see that you guys also provide some security/hardening recommendations.

Caddy has some of those kinds of recommendations too:

https://caddyserver.com/docs/caddyfile/directives/header#examples
https://dev.to/mariinkys/caddy-basic-configuration-193j
https://paulbradley.dev/caddyfile-web-security-headers/

There is also room for other hardening options, such as restricting access to .git/ and the like.

I think those types of options are in the H5BP wheelhouse.

dpantel avatar Jan 17 '24 20:01 dpantel
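
The two kinds of hardening mentioned in the comment above (security response headers and denying access to `.git/` and similar paths), sketched as a Caddy v2 Caddyfile. This is an added example, not part of the thread and not an H5BP or Caddy project configuration; the hostname, web root, header values and the extra `/.env` path are assumptions chosen for illustration.

```caddyfile
# Added example. example.com and /srv/www are placeholders.
example.com {
	root * /srv/www

	# Named matcher for version-control and dotfile paths that should
	# never be served. /.env is an assumed instance of "and the like".
	@hidden path /.git /.git/* /.env

	# Answer 404 rather than 403 so the response does not confirm
	# that the path exists on disk.
	respond @hidden 404

	# Security-related response headers. The values are assumed
	# defaults; tune them per site before deploying.
	header {
		# Only enable HSTS once every subdomain is served over HTTPS.
		Strict-Transport-Security "max-age=31536000; includeSubDomains"
		# Stop browsers from MIME-sniffing away from the declared type.
		X-Content-Type-Options "nosniff"
		# Refuse to be rendered inside frames on other pages.
		X-Frame-Options "DENY"
		# Send only the origin on cross-origin navigations.
		Referrer-Policy "strict-origin-when-cross-origin"
		# A leading "-" removes a header; this drops the Server banner.
		-Server
	}

	# Response compression, one of the areas H5BP configs cover.
	encode zstd gzip

	file_server
}
```

`caddy validate --config Caddyfile` checks the file for syntax errors before it is loaded.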

Oh ok, I guess my previous investigation around that is a bit dated now! 😅 That sounds interesting. Would you volunteer to join us in building this boilerplate?

@roblarsen Would it be possible to create a new repository named server-configs-caddy (and its related team)? Maybe private for now.

LeoColomb avatar Jan 17 '24 21:01 LeoColomb

I am not opposed to helping, but my knowledge in this arena is pretty limited. That’s why I wanted you to build a boilerplate in the first place :)

dpantel avatar Jan 19 '24 02:01 dpantel

I let the invitation expire, sorry

dpantel avatar Jan 31 '24 19:01 dpantel