# global options
{
	# Uncomment to request certificates from the Let's Encrypt staging CA while
	# testing. Staging certificates are not trusted by browsers, so this must
	# stay commented out in production.
	# acme_ca https://acme-staging-v02.api.letsencrypt.org/directory

	# Contact address for automatic HTTPS: the CA uses it for TLS certificate
	# notifications (expiry, other problems with certs). Use a mailbox that is
	# actually monitored.
	email admins@pub.solar

	# Fix for crash on triton, see:
	# https://smartos.topicbox.com/groups/smartos-discuss/Te8e92fc14c1b3f9d
	# Only HTTP/1.1 and HTTP/2 are listed, so HTTP/3 is not offered by any
	# server in this config.
	servers {
		protocols h1 h2
	}
}

# security and privacy header snippet
(security_headers) {
	# Response headers shared by every site that imports this snippet.
	# No Content-Security-Policy is set here.
	header {
		# disable FLoC tracking (opts the site out of interest-cohort calculation)
		# NOTE(review): FLoC was replaced by the Topics API; consider whether
		# browsing-topics=() should be added as well.
		Permissions-Policy interest-cohort=()

		# enable HSTS: browsers use HTTPS only for this host for
		# 63072000 seconds (two years)
		# NOTE(review): includeSubDomains is not set, so the policy covers only
		# the exact host that sends the header; other subdomains are not pinned
		# to HTTPS by this line.
		Strict-Transport-Security max-age=63072000;

		# stop clients from sniffing the media type; the declared Content-Type
		# is used as-is
		X-Content-Type-Options nosniff

		# clickjacking protection: the pages may not be framed by any origin
		# NOTE(review): the CSP equivalent is frame-ancestors 'none'.
		X-Frame-Options DENY

		# keep referrer data off of HTTP connections
		# NOTE(review): with this policy the full URL (path and query) is still
		# sent as Referer to other HTTPS origins; strict-origin-when-cross-origin
		# would limit cross-origin requests to the origin only.
		Referrer-Policy no-referrer-when-downgrade
	}
}

# static file server
miom.space {
	import security_headers

	# Everything below /srv/miom.space is served as static content, so keep
	# anything that must not be public (VCS metadata, backups, editor
	# temp files) out of that directory.
	root * /srv/miom.space
	file_server

	# Caddy's default is no access logs at all.
	# Uncomment this block for debugging. Access logs contain client IP
	# addresses and request URIs, so plan rotation and retention for the file
	# if logging stays enabled.
	#log {
	#	output file /var/log/caddy-access.log
	#}
}

# redirect www. subdomain to apex (root) domain
www.miom.space {
	import security_headers

	# The target host is fixed; only the request path and query ({uri}) are
	# carried over, so the redirect cannot point at another domain.
	# With no status code given, redir issues a temporary (302) redirect.
	redir https://miom.space{uri}
}