diff --git a/caddy/Caddyfile b/caddy/Caddyfile
new file mode 100644
index 0000000..27665ce
--- /dev/null
+++ b/caddy/Caddyfile
@@ -0,0 +1,71 @@
+{
+ email fake@mail.com
+ # Global options
+}
+
+(common_security_headers) {
+ header {
+ # Security headers
+ Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+ X-Content-Type-Options "nosniff"
+ X-Frame-Options "DENY"
+ Referrer-Policy "strict-origin-when-cross-origin"
+ Permissions-Policy "geolocation=(), microphone=(), camera=()"
+ -Server # Removes server header
+ }
+}
+
+speedyweedyops.org {
+ import common_security_headers
+
+ # Enable compression
+ encode zstd gzip
+
+ # Logging
+ log {
+ output stdout
+ format json
+ }
+
+ # Cache static assets
+ @static {
+ file
+ path *.ico *.css *.js *.gif *.jpg *.jpeg *.png *.svg *.woff *.woff2
+ }
+ header @static Cache-Control "public, max-age=5184000" # 60 days
+
+ # Reverse proxy to Varnish
+ reverse_proxy varnish:80 {
+ header_up X-Real-IP {remote}
+ }
+}
+
+git.speedyweedyops.org {
+ import common_security_headers
+
+ # Enable compression
+ encode zstd gzip
+
+ # Logging
+ log {
+ output stdout
+ format json
+ }
+
+ # Cache static assets
+ @static {
+ file
+ path *.ico *.css *.js *.gif *.jpg *.jpeg *.png *.svg *.woff *.woff2
+ }
+ header @static Cache-Control "public, max-age=5184000" # 60 days
+
+ # Reverse proxy to Varnish
+ reverse_proxy gitea:3000 {
+ header_up X-Real-IP {remote}
+ }
+}
+
+# Redirection from www subdomain to main domain
+www.speedyweedyops.org {
+ redir https://speedyweedyops.org{uri} permanent
+}
\ No newline at end of file
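Review bot: In both `reverse_proxy` blocks, `header_up X-Real-IP {remote}` forwards the client address together with its source port, because `{remote}` expands to host:port; Varnish and Gitea then receive a value that is not a bare IP, which can break client attribution in their logs and any IP-based limiting, and `header_up X-Real-IP {remote_host}` sends the address alone. The `@static` matcher in both sites also lists `file`, which tests for the file on Caddy's own disk; with no `root` set and the content coming from an upstream, it will probably never match, so the 60-day `Cache-Control` header is likely never applied, and keeping only the `path` line would avoid that. The comment `# Reverse proxy to Varnish` above `reverse_proxy gitea:3000` is a copy-paste leftover and should read `# Reverse proxy to Gitea`.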