{{ vhost_url }} {

    header / {
        # Enable HTTP Strict Transport Security (HSTS) to force clients to always
        # connect via HTTPS (do not use if only testing)
        Strict-Transport-Security "max-age=31536000;"
        # Enable cross-site filter (XSS) and tell browser to block detected attacks
        X-XSS-Protection "1; mode=block"
        # Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
        X-Content-Type-Options "nosniff"
        # Disallow the site to be rendered within a frame (clickjacking protection)
        X-Frame-Options "DENY"
    }

    log  {
        output file {{ caddy_logs }}/{{ vhost_name }}/vhost.log
    }

    root * {{ caddy_www }}/{{ vhost_name }}
    file_server
    encode zstd gzip

    {% if custom_errors %}
    handle_errors {
        @404 {
            expression {http.error.status_code} == 404
        }
        rewrite @404 /404.html
        file_server
    }
    {% endif %}

}

{% if www_redirect %}
www.{{ vhost_url }} {

    redir https://{{ vhost_url }}

}
{% endif %}