"Updates"

Updates
2026-02-02 02:40:54 +01:00 · 2026-02-02 01:29:43 +01:00 · 2026-02-01 21:02:41 +01:00 · 2026-02-01 12:59:44 +01:00
3 changed files with 58 additions and 2 deletions
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
 # BikiniBottom

-![BikiniBottom](scanopy-topology-2026-01-14.png)
+![BikiniBottom](scanopy-topology-2026-02-02.png)

--- a/installs_on_host/Caddyfile
+++ b/installs_on_host/Caddyfile
@@ -445,6 +445,50 @@ search.delmar.bzh
                gzip
                minimum_length 1024
        }
+        @api {
+                path /config
+                path /healthz
+                path /stats/errors
+                path /stats/checker
+        }
+        @static {
+                path /static/*
+        }
+        @imageproxy {
+                path /image_proxy
+        }
+        header {
+                # CSP (https://content-security-policy.com)
+                Content-Security-Policy "upgrade-insecure-requests; default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self' https:; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self'; img-src * data:; frame-src https:;"
+
+                # Disable browser features
+                Permissions-Policy "accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()"
+
+                # Only allow same-origin requests
+                Referrer-Policy "same-origin"
+
+                # Prevent MIME type sniffing from the declared Content-Type
+                X-Content-Type-Options "nosniff"
+
+                # Comment header to allow indexing by search engines
+                X-Robots-Tag "noindex, nofollow, noarchive, nositelinkssearchbox, nosnippet, notranslate, noimageindex"
+
+                # enable HSTS
+                # WARNING: Once this value is set, the site must continue to support HTTPS until the expiry time is reached.
+
+                # Strict-Transport-Security max-age=15768000;
+
+                # Remove "Server" header
+                -Server
+                Access-Control-Allow-Methods "GET, OPTIONS"
+                Access-Control-Allow-Origin "*"
+        }
+        route {
+                # Cache policy
+                header Cache-Control "no-cache"
+                header @static Cache-Control "public, max-age=30, stale-while-revalidate=60"
+                header @imageproxy Cache-Control "public, max-age=3600"
+        }
        reverse_proxy patrick:23485
 }

@@ -574,5 +618,17 @@ zik.delmar.bzh {
                gzip
                minimum_length 1024
        }
-        reverse_proxy patrick:4533
+        reverse_proxy patrick:32773
+        basic_auth / {
+                admin $2a$14$RuKvTkZWcLpyX/ptJmkmYOd6WpDACXi.fIcz2feCcvTW73vZ/4TSi
+        }
+}
+
+muzik.delmar.bzh {
+        encode {
+                zstd
+                gzip
+                minimum_length 1024
+        }
+        reverse_proxy patrick:32785
 }
--- a/scanopy-topology-2026-02-02.png
+++ b/scanopy-topology-2026-02-02.png
Author	SHA1	Message	Date
julien	8d943a3899	"Updates"	2026-02-02 02:40:54 +01:00
julien	03e352b742	"Updates"	2026-02-02 01:29:43 +01:00
julien	1c78e6c45f	Updates	2026-02-01 21:02:41 +01:00
julien	1a5c941725	"Updates"	2026-02-01 12:59:44 +01:00