{
	# Cache module
	order cache before rewrite
	cache {
		ttl 10m
	}
	log {
		output file /data/caddy_global.log
	}
}

jenkins.lucasroyer.fr {
	# Security
	header {
		X-Frame-Options "SAMEORIGIN"
		X-Content-Type-Options "nosniff"
		X-XSS-Protection "1; mode=block"
	}

	# Large files
	request_body {
		max_size 512MB
	}

	# Compression
	encode zstd gzip

	# Log
	log {
		output file /data/jenkins_access.log
	}

	# Redirect
	reverse_proxy jenkins:8080 {
		flush_interval -1
	}
}

portfolio.lucasroyer.fr {
	# Server cache
	cache {
		ttl 24h
		stale 12h
	}
	# Security
	header {
		X-Frame-Options "DENY"
		X-XSS-Protection "1; mode=block"
		X-Content-Type-Options "nosniff"
		Referrer-Policy "strict-origin-when-cross-origin"
		Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
	}

	# Errors
	handle_errors {
		# If error is 502, 503 or 504, show error.html without changing client URL
		@service_out expression {err.status_code} >= 502 && {err.status_code} <= 504

		handle @service_out {
			root * /srv
			rewrite * /error.html
			file_server
		}
	}

	# Compression
	encode zstd gzip

	# Log
	log {
		output file /data/portfolio_access.log
	}

	# Redirect
	reverse_proxy portfolio:80
}

gitea.lucasroyer.fr {
	# Security
	header {
		X-Frame-Options "SAMEORIGIN"
		X-XSS-Protection "1; mode=block"
		X-Content-Type-Options "nosniff"
		Referrer-Policy "strict-origin-when-cross-origin"
		Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
	}

	# Large files
	request_body {
		max_size 512MB
	}

	# Compression
	encode zstd gzip

	# Log
	log {
		output file /data/gitea_access.log
	}

	# Redirect
	reverse_proxy gitea-app:3000 {
		flush_interval -1
	}
}

kuma.lucasroyer.fr {
	# Security
	header {
		X-Frame-Options "SAMEORIGIN"
		X-XSS-Protection "1; mode=block"
		X-Content-Type-Options "nosniff"
		Referrer-Policy "strict-origin-when-cross-origin"
		Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
	}

	# Compression
	encode zstd gzip

	# Log
	log {
		output file /data/uptime-kuma-lucas_access.log
	}

	# Redirect
	reverse_proxy uptime-kuma-lucas:3001 {
	}
}

uptime-cyrus.lucasroyer.fr {
	# Security
	header {
		X-Frame-Options "SAMEORIGIN"
		X-XSS-Protection "1; mode=block"
		X-Content-Type-Options "nosniff"
		Referrer-Policy "strict-origin-when-cross-origin"
		Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
	}

	# Compression
	encode zstd gzip

	# Log
	log {
		output file /data/uptime-kuma-cyrus_access.log
	}

	# Redirect
	reverse_proxy uptime-kuma-cyrus:3001 {
	}
}

n8n.lucasroyer.fr {
	# Security
	header {
		X-Frame-Options "SAMEORIGIN"
		X-Content-Type-Options "nosniff"
		X-XSS-Protection "1; mode=block"
		Referrer-Policy "strict-origin-when-cross-origin"
		Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
	}

	# Compression
	encode zstd gzip

	# Log
	log {
		output file /data/n8n_access.log
	}

	# Redirect
	reverse_proxy n8n:5678 {
		header_up Host {host}
		header_up X-Real-IP {remote_host}
	}
}

ntfy.lucasroyer.fr {
	# Security
	header {
		X-Frame-Options "SAMEORIGIN"
		X-Content-Type-Options "nosniff"
		X-XSS-Protection "1; mode=block"
		Referrer-Policy "strict-origin-when-cross-origin"
		Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
	}

	# No cache
	header -Cache-Control
	header -Expires

	# Large files
	request_body {
		max_size 512MB
	}

	# Compression
	encode gzip

	# Log
	log {
		output file /data/ntfy_access.log
	}

	# Redirect
	reverse_proxy ntfy:80 {
		flush_interval -1
	}
}

syncthing.lucasroyer.fr {
	# Security
	header {
		X-Frame-Options "SAMEORIGIN"
		X-Content-Type-Options "nosniff"
		X-XSS-Protection "1; mode=block"
		Referrer-Policy "strict-origin-when-cross-origin"
		Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
	}

	# Compression
	encode zstd gzip

	# Log
	log {
		output file /data/syncthing_access.log
	}

	# Redirect
	reverse_proxy syncthing:8384 {
		header_up Host {host}
		header_up X-Real-IP {remote_host}
	}
}

vaultwarden.lucasroyer.fr {
	# Security
	header {
		X-Frame-Options "SAMEORIGIN"
		X-Content-Type-Options "nosniff"
		X-XSS-Protection "1; mode=block"
		Referrer-Policy "strict-origin-when-cross-origin"
		Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
		Permissions-Policy "geolocation=(), microphone=(), camera=()"
	}

	# Compression
	encode zstd gzip

	# Log
	log {
		output file /data/vaultwarden_access.log
	}

	# Redirect
	reverse_proxy vaultwarden-lucas:80 {
		header_up Host {host}
		header_up X-Real-IP {remote_host}
	}
}

motsdepasse.interstices.pro {
	# Security
	header {
		X-Frame-Options "SAMEORIGIN"
		X-Content-Type-Options "nosniff"
		X-XSS-Protection "1; mode=block"
		Referrer-Policy "strict-origin-when-cross-origin"
		Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
		Permissions-Policy "geolocation=(), microphone=(), camera=()"
	}

	# Compression
	encode zstd gzip

	# Log
	log {
		output file /data/vaultwarden_access.log
	}

	# Redirect
	reverse_proxy vaultwarden-interstices:80 {
		header_up Host {host}
		header_up X-Real-IP {remote_host}
	}
}

nextcloud.lucasroyer.fr {
	# Security
	header {
		X-Frame-Options "SAMEORIGIN"
		X-Content-Type-Options "nosniff"
		X-XSS-Protection "1; mode=block"
		Referrer-Policy "no-referrer"
		Strict-Transport-Security "max-age=15552000; includeSubDomains; preload"
		-Server
	}

	# Large files
	request_body {
		max_size 10GB
	}

	# Compression
	encode zstd gzip

	# Log
	log {
		output file /data/nextcloud_access.log
	}

	# Redirect
	reverse_proxy nextcloud-web:80 {
		header_up Host {host}
		header_up X-Real-IP {remote_host}
		header_down X-Frame-Options "SAMEORIGIN"
		header_down X-Content-Type-Options "nosniff"
	}
}

onlyoffice.lucasroyer.fr {
	# Security
	header {
		Content-Security-Policy "frame-ancestors 'self' nextcloud.lucasroyer.fr"
		X-Frame-Options "ALLOW-FROM https://nextcloud.lucasroyer.fr"
		X-Content-Type-Options nosniff
	}

	# Compression
	encode zstd gzip

	# Redirect
	reverse_proxy onlyoffice:80 {
		header_up Host {host}
		header_up X-Real-IP {remote_host}
	}
}

spationautes.fr {
	root * /srv/site-spationautes/html

	# Server cache
	cache {
		ttl 24h
		stale 12h
	}
	# Security
	header {
		X-Frame-Options "DENY"
		X-XSS-Protection "1; mode=block"
		X-Content-Type-Options "nosniff"
		Referrer-Policy "strict-origin-when-cross-origin"
		Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
	}

	# Errors
	handle_errors {
		@service_out expression {err.status_code} >= 502 && {err.status_code} <= 504
		handle @service_out {
			root * /srv
			rewrite * /error.html
			file_server
		}
	}

	# Compression
	encode zstd gzip

	# Log
	log {
		output file /data/site-spationautes_access.log
	}

	# Redirect
	file_server
}

veloboomboom.internantes.ovh, veloboomboom.lucasroyer.fr {
	# Server cache
	cache {
		ttl 24h
		stale 12h
	}

	# Security
	header {
		X-Frame-Options "DENY"
		X-XSS-Protection "1; mode=block"
		X-Content-Type-Options "nosniff"
		Referrer-Policy "strict-origin-when-cross-origin"
		Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
	}

	# Errors
	handle_errors {
		# If error is 502, 503 or 504, show error.html without changing client URL
		@service_out expression {err.status_code} >= 502 && {err.status_code} <= 504
		handle @service_out {
			root * /srv
			rewrite * /error.html
			file_server
		}
	}

	# Compression
	encode zstd gzip

	# Log
	log {
		output file /data/site-veloboomboom_access.log
	}

	# Prod redirect
	@prod host veloboomboom.internantes.ovh
	handle @prod {
		root * /srv/site-veloboomboom/html-prod
		file_server
	}

	# Test redirect
	@test host veloboomboom.lucasroyer.fr
	handle @test {
		basic_auth {
			testuser $2a$14$hNv5hbag695p/jcyB.7qeOoCvqxQ0L6zyBptfHU15qnTtmivfXAea
		}
		root * /srv/site-veloboomboom/html
		file_server
	}

	# Fallback
	handle {
		respond "Not Found" 404
	}
}

csv.lucasroyer.fr {
	root * /srv/csv
	file_server browse

	header Content-Type "text/csv; charset=utf-8"
	header Access-Control-Allow-Origin "*"
}
