New Caddyfile and more

I made a few significant changes on my blog. First, I have a new Caddyfile for Caddy:

},, {
	redir * https://{}.{}{path}
} {
	redir *{path}
}, {
	root * /srv/www/{host}/public/
	header {
		# "always" is an nginx add_header flag, not an HSTS directive, so it is dropped here
		Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
		Public-Key-Pins "pin-sha256=\"sRHdihwgkaib1P1gxX8HFszlD+7/gTfNvuAybgLPNis=\"; pin-sha256=\"YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=\"; pin-sha256=\"C5+lpZ7tcVwmwQIMcRtPbsQtWLABXhQzejna0wHFr8M=\"; includeSubdomains; max-age=2629746;"
		X-Frame-Options "SAMEORIGIN"
		X-Content-Type-Options "nosniff"
		X-XSS-Protection "1; mode=block"
		Content-Security-Policy "default-src 'none'; base-uri 'self'; form-action 'none'; img-src 'self'; script-src 'self'; style-src 'self'; font-src 'self'; worker-src 'self'; object-src 'self'; media-src 'self'; frame-ancestors 'none'; manifest-src 'self'; connect-src 'self'"
		Referrer-Policy "strict-origin"
		Feature-Policy "geolocation 'none';midi 'none'; sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker 'none';fullscreen 'self';payment 'none';"
		Expect-CT "max-age=604800"
	header /.well-known/openpgpkey/* {
		Content-Type application/octet-stream
		Access-Control-Allow-Origin *
	encode {

The new Caddyfile enables experimental HTTP/3 support. I’ve also added a few redirects to my new domain. All requests with a www prefix get redirected to the version without the www prefix. My old domain now redirects to my new domain. I also had to add connect-src 'self' to my CSP, because Google Lighthouse seems to have problems with default-src 'none'. If just default-src 'none' is set, Google Lighthouse can’t access your robots.txt. This seems to be an issue in the Google Lighthouse implementation; the Google Search Bot is not affected. You can test your robots.txt via:

await fetch(new URL('/robots.txt', location.href).href)
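
Why connect-src 'self' is needed, as an added example that is not part of the original post: fetch() is governed by connect-src, which falls back to default-src when it is absent, so under default-src 'none' alone the robots.txt request is blocked. The source matching is simplified, and `parseCsp`, `connectAllowed` and the example.org URLs are hypothetical names and constructed values.

```javascript
// Added example: decide whether a CSP lets fetch() reach a URL.
// Simplified matching: only 'none', 'self', '*' and full-origin sources.

// Parse a CSP header value into a Map of directive name -> source list.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // The first occurrence of a directive wins; later duplicates are ignored.
    if (name && !policy.has(name.toLowerCase())) {
      policy.set(name.toLowerCase(), sources);
    }
  }
  return policy;
}

// fetch()/XHR are checked against connect-src, falling back to default-src.
function connectAllowed(header, pageUrl, targetUrl) {
  const policy = parseCsp(header);
  const sources = policy.get('connect-src') ?? policy.get('default-src');
  if (sources === undefined) return true; // no directive restricts fetch()
  const page = new URL(pageUrl);
  const target = new URL(targetUrl, page);
  return sources.some((src) => {
    if (src === "'none'") return false;
    if (src === "'self'") return target.origin === page.origin;
    if (src === '*') return true;
    try { return new URL(src).origin === target.origin; } catch { return false; }
  });
}

// Constructed sample values; example.org is a placeholder host.
const PAGE = 'https://example.org/posts/';
const STRICT = "default-src 'none'; img-src 'self'; script-src 'self'";
const FIXED = STRICT + "; connect-src 'self'";

console.log('default-src none only:', connectAllowed(STRICT, PAGE, '/robots.txt'));
console.log('with connect-src self:', connectAllowed(FIXED, PAGE, '/robots.txt'));
console.log('cross-origin target:  ', connectAllowed(FIXED, PAGE, 'https://other.example/robots.txt'));
```
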

Feel free to follow this issue here:

The second change has been adding a meta description for my blog and my blog articles. As you might know, I use Hugo as a static site generator and Hermit as the Hugo theme. For Hermit I have submitted a patch that should fix the meta description issue. It looks as follows:

From 8b888604a401c60c2021c9dc771e20640a359baa Mon Sep 17 00:00:00 2001
From: Christian Rebischke <>
Date: Sun, 23 Feb 2020 22:48:16 +0100
Subject: [PATCH] add meta description for google lighthouse

 archetypes/        | 1 +
 archetypes/          | 1 +
 layouts/_default/baseof.html | 1 +
 3 files changed, 3 insertions(+)

diff --git a/archetypes/ b/archetypes/
index 63c1c63..c98b02a 100644
--- a/archetypes/
+++ b/archetypes/
@@ -2,6 +2,7 @@
 title: "{{ replace .Name "-" " " | title }}"
 date: {{ .Date }}
 draft: true
 comments: false
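
Review bot: the header `@@ -2,6 +2,7 @@` of this hunk declares six old and seven new lines, but only four context lines and no `+` line are present, so the hunk will not apply and the added front-matter key cannot be reviewed; the second archetype hunk has the same problem. Please resend the patch with the added line intact.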
diff --git a/archetypes/ b/archetypes/
index fe05261..cade919 100644
--- a/archetypes/
+++ b/archetypes/
@@ -2,6 +2,7 @@
 title: "{{ replace .Name "-" " " | title }}"
 date: {{ .Date }}
 draft: true
 toc: false
diff --git a/layouts/_default/baseof.html b/layouts/_default/baseof.html
index 7f09c90..9a8302f 100644
--- a/layouts/_default/baseof.html
+++ b/layouts/_default/baseof.html
@@ -9,6 +9,7 @@
 	<meta name="theme-color" content="{{.}}">
 	<meta name="msapplication-TileColor" content="{{.}}">
 	{{- end }}
+	<meta name="description" content="{{.Description | default .Site.Params.Description}}">
 	{{- partial "structured-data.html" . }}
 	{{- partial "favicons.html" }}
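
Review bot: the added `<meta name="description">` line in baseof.html is emitted unconditionally, so a site that sets neither `.Description` nor `.Site.Params.Description` gets a description tag with nothing useful in `content` on every page. Wrapping it as `{{- with (.Description | default .Site.Params.Description) }}<meta name="description" content="{{ . }}">{{- end }}` would skip the tag in that case. The diffstat also touches only the two archetypes and baseof.html, so the new site-level `Description` param is not documented anywhere for theme users; a line in the example config or README would help.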

It adds a new description variable to all blog templates and adds the <meta name="description"> HTML tag to the base HTML file. It sets the website's default description if no description has been set. Feel free to have a look at the PR status here: