{
	# acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
	#servers {
	#	trusted_proxies cloudflare {
    #		interval 12h
    #		timeout 15s
	#	}
	#	client_ip_headers Cf-Connecting-Ip
	#}
}

outsideuptimedev.madereddy.com {
	reverse_proxy uptime:3001
}

oracledev.madereddy.com {
	log {
		level INFO
		output file "/data/oracleaccess.log" {
			roll_size 10MB
			roll_keep 10
		}
	}

	reverse_proxy syncthing:8384 {
		transport http {
			tls_insecure_skip_verify
		}
	}

	route /hook* {
		rewrite /hook/ /
		reverse_proxy webhook:8080
	}
}

bitwardenhome.madereddy.com {
	log {
		level INFO
		output file "/data/access.log" {
			roll_size 10MB
			roll_keep 10
		}
	}

	# Uncomment this if you want to get a cert via ACME (Let's Encrypt or ZeroSSL).
	#tls {
	#	dns cloudflare "KOVqE-q6TxjLRofG1rDVRR3KoI0SLVxLyA8QefHZ"
	#}
	# Or uncomment this if you're providing your own cert. You would also use this option
	# if you're running behind Cloudflare.
	# tls {$SSL_CERT_PATH} {$SSL_KEY_PATH}

	# This setting may have compatibility issues with some browsers
	# (e.g., attachment downloading on Firefox). Try disabling this
	# if you encounter issues.
	encode gzip

	# Uncomment to improve security (WARNING: only use if you understand the implications!)
	# header {
	#      # Enable HTTP Strict Transport Security (HSTS)
	#      Strict-Transport-Security "max-age=31536000;"
	#      # Enable cross-site filter (XSS) and tell browser to block detected attacks
	#      X-XSS-Protection "1; mode=block"
	#      # Disallow the site to be rendered within a frame (clickjacking protection)
	#      X-Frame-Options "DENY"
	#      # Prevent search engines from indexing (optional)
	#      X-Robots-Tag "none"
	#      # Server name removing
	#      -Server
	# }

	# Uncomment to allow access to the admin interface only from local networks
	# @insecureadmin {
	#   not remote_ip 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8
	#   path /admin*
	# }
	# redir @insecureadmin /

	# Proxy everything else to Rocket
	reverse_proxy bitwarden:8080 {
		# Send the true remote IP to Rocket, so that vaultwarden can put this in the
		# log, so that fail2ban can ban the correct IP.
		header_up X-Real-IP {http.request.header.CF-Connecting-IP}
	}
}

foundrydev.madereddy.com {
	reverse_proxy foundry-dr:30000
}