# global options { # remove comment to use staging Let's Encrypt servers (for testing) # acme_ca https://acme-staging-v02.api.letsencrypt.org/directory # auto_https contact mail address, for TLS certs notifications (expiry, # other problems with certs) email admins@pub.solar # default to no-logs-policy, don't log anything # comment this block out for debugging log { output discard } } # static file server miom.space { root * /srv/miom.space file_server } # redirect www. subdomain to apex (root) domain www.miom.space { redir https://miom.space{uri} } # security and privacy headers header { # disable FLoC tracking Permissions-Policy interest-cohort=() # enable HSTS Strict-Transport-Security max-age=63072000; # disable clients from sniffing the media type X-Content-Type-Options nosniff # clickjacking protection X-Frame-Options DENY # keep referrer data off of HTTP connections Referrer-Policy no-referrer-when-downgrade }