{
	email {$TLS_EMAIL}
}

{$GITEA_DOMAIN} {
	encode zstd gzip
	reverse_proxy gitea:3000

	header {
		Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
		X-Content-Type-Options "nosniff"
		X-Frame-Options "SAMEORIGIN"
		Referrer-Policy "strict-origin-when-cross-origin"
	}
}

chat.bhatfamily.in {
	encode zstd gzip
	reverse_proxy gemma3-chat-ui:8080

	header {
		Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
		X-Content-Type-Options "nosniff"
		X-Frame-Options "SAMEORIGIN"
		Referrer-Policy "strict-origin-when-cross-origin"
	}
}

openvpn.bhatfamily.in {
	encode zstd gzip
	reverse_proxy https://172.17.0.1:8445 {
		transport http {
			tls_insecure_skip_verify
		}
	}

	header {
		Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
		X-Content-Type-Options "nosniff"
		X-Frame-Options "SAMEORIGIN"
		Referrer-Policy "strict-origin-when-cross-origin"
	}
}

nxt.bhatfamily.in {
	encode zstd gzip
	reverse_proxy https://172.17.0.1:8447 {
		transport http {
			tls_insecure_skip_verify
		}
	}

	header {
		Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
		X-Content-Type-Options "nosniff"
		X-Frame-Options "SAMEORIGIN"
		Referrer-Policy "strict-origin-when-cross-origin"
	}
}

vpn.bhatfamily.in {
	encode zstd gzip
	reverse_proxy https://172.17.0.1:943 {
		transport http {
			tls_insecure_skip_verify
		}
	}

	header {
		Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
		X-Content-Type-Options "nosniff"
		X-Frame-Options "SAMEORIGIN"
		Referrer-Policy "strict-origin-when-cross-origin"
	}
}

:80 {
	redir https://{host}{uri} permanent
}