{
    auto_https off
    frankenphp

    servers {
        enable_full_duplex
    }
}

:80 {
    encode zstd br gzip

    root * /app/

    route {
        handle {
            basic_auth {
                # Format :
                # <username> <caddy hash-password>
                import /etc/frankenphp/htpasswd
            }

            try_files {path} {path}/index.html /index.php?{query}

            php_server

            file_server
        }
    }

    # Security headers
    header {
        Strict-Transport-Security "max-age=31536000; includeSubDomains"
        X-Content-Type-Options "nosniff"
        X-Frame-Options "DENY"
        Referrer-Policy "strict-origin-when-cross-origin"
    }
}