{
	http_port 80
	https_port 443

	email freya@freyacat.org
	acme_ca https://ca.in.freya.cat/acme/acme/directory
}

(logs) {
	log {
		output file /var/log/caddy.log {
			roll_size 10mb
			roll_keep 7
			roll_keep_for 720h
		}
	}
}

(headers) {
	#header ?Access-Control-Allow-Origin "*"
	header ?X-Content-Type-Options "nosniff"
	header Permissions-Policy "interest-cohort=()"
	header Referrer-Policy "same-origin"
	header Strict-Transport-Security "max-age=31536000"
}

(compression) {
	encode {
		gzip 6
		zstd
	}
}

(acme) {
	redir /.well-known/acme-challenge /.well-known/acme-challenge/
	handle_path /.well-known/acme-challenge/* {
		file_server browse
		root * /var/www/html/.well-known/acme-challenge
	}
}

(base) {
	import logs
	import headers
	import compression
	import acme
}

(http) {
	try_files {path}.html {path}
	file_server
}

(wellknown) {
	header ?Access-Control-Allow-Origin "*"
	redir /.well-known /.well-known/
	handle_path /.well-known/* {
		file_server browse
		root * /static/wellknown
	}
}

(protect) {
	forward_auth https://forward.auth.in.freya.cat {
		uri /
		header_up Host forward.auth.in.freya.cat
		copy_headers {
			X-Webauth-Username X-Webauth-Email X-Webauth-First-Name X-Webauth-Last-Name
		}
	}
}

import /etc/caddy/*.conf