# Example configuration file for running Caddy2 in front of Epicyon

YOUR_DOMAIN {
  tls USER@YOUR_DOMAIN

  header {
    Strict-Transport-Security "max-age=31556925"
    Content-Security-Policy "default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'"
    X-Content-Type-Options "nosniff"
    X-Download-Options "noopen"
    X-Frame-Options "DENY"
    X-Permitted-Cross-Domain-Policies "none"
    X-XSS-Protection "1; mode=block"
  }

  route /newsmirror/* {
    root * /var/www/YOUR_DOMAIN
    file_server
  }

  route /* {
    reverse_proxy http://127.0.0.1:7156
  }

  encode zstd gzip
}

# eof