# ref https://ssl-config.mozilla.org/#server=caddy&version=2.1.1&config=intermediate&guideline=5.7
#

:80 {
	root * /var/www/html
	file_server
}

:443 {
	root * /var/www/html
	file_server
}

www.example.com {
	redir https://gitserver.in{uri}
}

example.com {
	tls user@email.com {
		protocols tls1.2 tls1.3
		ciphers TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
	}
	# HSTS (63072000 seconds)
	header Strict-Transport-Security "max-age=63072000"
	reverse_proxy localhost:8080
}