{
	# disable unwanted stuff
	admin off
	skip_install_trust
	# define the ports by the environment variables
	http_port {$HTTP_PORT}
	https_port {$HTTPS_PORT}
}

{$CADDY_HOSTS} {
	# the tls certificates
	tls {$DATADIR}/tls/server.pem {$DATADIR}/tls/server-key.pem
	route {
		# profile pictures
		file_server /profilepictures/* {
			root {$DATADIR}/profilepictures/..
		}
		# static files
		file_server /static/* {
			root {$DATADIR}/static/..
		}
		# favicon
		redir /favicon.ico /static/favicon.ico
		# reverse proxy to the (django) application
		reverse_proxy localhost:{$APPLICATION_PORT}
		# set additional security headers
		header Content-Security-Policy "default-src 'self'"
	}
	# use compression
	encode gzip
	# logging
	log {
		output file {$ACCESS_LOG}
		format filter {
			wrap json {
				time_format rfc3339
			}
			fields {
				request>headers delete
				request>tls delete
				request>remote_ip hash
				request>remote_port delete
				user_id delete
				resp_headers delete
			}
		}
		level INFO
	}
}