Improve security

Signed-off-by: Bensuperpc <bensuperpc@gmail.com>

Makefile

@@ -13,7 +13,7 @@
 
 DOCKER := docker
 
-PROFILES := caddy wordpress adminer uptime-kuma qbittorrent gitea jellyfin watchtower backup syncthing openssh
+PROFILES := caddy wordpress gitea adminer uptime-kuma qbittorrent jellyfin watchtower backup syncthing openssh
 PROFILE_CMD := $(addprefix --profile ,$(PROFILES))
 
 COMPOSE_FILES :=  $(shell find docker-compose*.yml | sed -e 's/^/--file /')

caddy/Caddyfile

@@ -8,8 +8,8 @@
 	}
 }
 
-import bensuperpc.org/Caddyfile
-import bensuperpc.com/Caddyfile
-import bensuperpc.net/Caddyfile
-import bensuperpc.ovh/Caddyfile
-import bensuperpc.fr/Caddyfile
+import bensuperpc.org/*
+import bensuperpc.com/*
+import bensuperpc.net/*
+import bensuperpc.ovh/*
+import bensuperpc.fr/*

caddy/bensuperpc.net/Caddyfile

@@ -5,3 +5,15 @@ bensuperpc.net {
 www.bensuperpc.net {
 	redir https://www.bensuperpc.org{uri} permanent
 }
+
+git.bensuperpc.net {
+	redir https://git.bensuperpc.org{uri} permanent
+}
+
+jellyfin.bensuperpc.net {
+	redir https://jellyfin.bensuperpc.org{uri} permanent
+}
+
+uptimekuma.bensuperpc.net {
+	redir https://uptimekuma.bensuperpc.org{uri} permanent
+}

docker-compose.caddy.yml

@@ -20,19 +20,17 @@ services:
       - infra-network
     env_file:
       - env/caddy.env
-    cap_add:
-      - NET_ADMIN
     security_opt:
       - no-new-privileges:true
-    #    cap_drop:
-    #      - ALL
-    #    cap_add:
-    #      - CHOWN
-    #      - FOWNER
-    #      - DAC_OVERRIDE
-    #      - SETGID
-    #      - SETUID
-    #      - NET_BIND_SERVICE
+    cap_drop:
+      - ALL
+    cap_add:
+#      - CHOWN
+#      - FOWNER
+#      - DAC_OVERRIDE
+#      - SETGID
+#      - SETUID
+      - NET_BIND_SERVICE
     healthcheck:
       test: pidof caddy || exit 1
       interval: 120s