# Caddy's configuration file
# see: https://caddyserver.com/docs/caddyfile

cutei.j4ne.de {
	header {
		Strict-Transport-Security "max-age=31536000; includeSubDomains;"
		?Referrer-Policy "no-referrer"
		?X-Content-Type-Options "nosniff"
		?X-Download-Options "noopen"
		?X-Frame-Options "SAMEORIGIN"
		?X-Permitted-Cross-Domain-Policies "none"
		?X-Robots-Tag "noindex, nofollow"
		?X-XSS-Protection "1; mode=block"
	}
	encode {
		zstd
		gzip 4
		minimum_length 256

	}
	route {
		@msftdavclient {
			header User-Agent DavClnt*
			path /
		}
		redir @msftdavclient /remote.php/webdav 302
		redir /.well-known/carddav /remote.php/dav 301
		redir /.well-known/caldav /remote.php/dav 301
		redir /remote/* /remote.php{path} 301

		route /robots.txt {
			log_skip
			file_server
		}

		# check .htaccess before updating nextcloud
		@internal {
			path \
				/build/* /tests/* /config/* /lib/* /3rdparty/* /templates/* \
				.autotest* .occ* .issue* .indie* .db_* .console*
		}
		error @internal 404

		@assets {
			path *.css *.js *.mjs *.svg *.gif *.png *.jpg *.webp *.ico *.wasm *.tflite \
 *.otf *.woff2 *.webm \
 *.js.map *.css.map
			file {path}
		}
		route @assets {
			file_server {
				precompressed gzip zstd
			}
		}

		#try_files {path} {path}/
		#@notphpordir not path /*.php /*.php/* / /*/
		#file_server @notphpordir {
		#	pass_thru
		#}

		@notlegacy {
			path *.php *.php/
			not path /index*
			not path /remote*
			not path /public*
			not path /cron*
			not path /core/ajax/update*
			not path /status*
			not path /ocs/v1*
			not path /ocs/v2*
			not path /ocs-provider/*
			not path /updater/*
			not path */richdocumentscode/proxy*
		}

		rewrite @notlegacy /index.php{uri}
	}

	php_fastcgi unix//run/nextcloud/fastcgi.sock
	root * /usr/share/webapps/nextcloud
	encode gzip
}