{
    email fake@mail.com
    # Global options
}

(common_security_headers) {
    header {
        # Security headers
        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
        X-Content-Type-Options "nosniff"
        X-Frame-Options "DENY"
        Referrer-Policy "strict-origin-when-cross-origin"
        Permissions-Policy "geolocation=(), microphone=(), camera=()"
        -Server  # Removes server header
    }
}

speedyweedyops.org {
    import common_security_headers

    # Enable compression
    encode zstd gzip

    # Logging
    log {
        output stdout
        format json
    }

    # Cache static assets
    @static {
        file
        path *.ico *.css *.js *.gif *.jpg *.jpeg *.png *.svg *.woff *.woff2
    }
    header @static Cache-Control "public, max-age=5184000" # 60 days

    # Reverse proxy to Varnish
    reverse_proxy varnish:80 {
        header_up X-Real-IP {remote}
    }
}

git.speedyweedyops.org {
    import common_security_headers

    # Enable compression
    encode zstd gzip

    # Logging
    log {
        output stdout
        format json
    }

    # Cache static assets
    @static {
        file
        path *.ico *.css *.js *.gif *.jpg *.jpeg *.png *.svg *.woff *.woff2
    }
    header @static Cache-Control "public, max-age=5184000" # 60 days

    # Reverse proxy to Varnish
    reverse_proxy gitea:3000 {
        header_up X-Real-IP {remote}
    }
}

# Redirection from www subdomain to main domain
www.speedyweedyops.org {
    redir https://speedyweedyops.org{uri} permanent
}