{ http_port 8080 https_port 8443 } {{ if all .SSL_MAIN_DOMAIN .SSL_EXTRA_DOMAINS -}} {{ .SSL_EXTRA_DOMAINS }} { redir https://{{ .SSL_MAIN_DOMAIN }} } {{ end -}} {{ .SSL_MAIN_DOMAIN | default ":8080" }} { @staticfiles { path *.jpeg *.jpg *.png *.gif *.bmp *.ico *.svg *.tif *.tiff *.css *.js *.htm *.html *.ttf *.otf *.webp *.woff *.woff2 *.txt *.csv *.rtf *.doc *.docx *.xls *.xlsx *.ppt *.pptx *.odf *.odp *.ods *.odt *.pdf *.psd *.ai *.eot *.eps *.ps *.zip *.tar *.tgz *.gz *.rar *.bz2 *.7z *.aac *.m4a *.mp3 *.mp4 *.ogg *.wav *.wma *.3gp *.avi *.flv *.m4v *.mkv *.mov *.mp4 *.mpeg *.mpg *.wmv *.exe *.iso *.dmg *.swf } log { output stdout format json } @blocked { path */.* } respond @blocked 404 encode zstd gzip header X-Content-Type-Options "nosniff" header X-Frame-Options "SAMEORIGIN" header @staticfiles Cache-Control "public, max-age=604800, must-revalidate" header -Server header -X-Powered-By root * /opt/powerdns-admin/powerdnsadmin route { file_server @staticfiles { pass_thru } reverse_proxy 127.0.0.1:9494 } }