Moved from Apache to Caddy and RSA to EC TLS for WordPress

^ Qualys SSL Labs test for yawnbox.com

^ Security Headers (dot-IO) test for yawnbox.com

With very special thanks to this guide, Running WordPress with Caddy. I was also able to remove several unnecessary PHP applications that Apache needed.

Here’s my Caddyfile:

www.yawnbox.com {
        redir https://yawnbox.com{uri}
        }

yawnbox.com {
        root /var/www/
        log stdout
        errors stderr

header / {
	Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'"
	Referrer-Policy "strict-origin, strict-origin-when-cross-origin"
        Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
        X-XSS-Protection "1; mode=block"
        X-Content-Type-Options "nosniff"
        X-Frame-Options "DENY"
        }

fastcgi / /var/run/php/php7.1-fpm.sock {
        ext .php
        split .php
        index index.php
        }

rewrite / {
        to {path} {path}/ /index.php?{query}
        }

tls / {
        protocols tls1.2
        curves p384
        key_type p384
        }
}