# Common security headers as snippet
(security_headers) {
  header {
    Strict-Transport-Security "max-age=31536000; includeSubDomains"
    X-Content-Type-Options nosniff
    Referrer-Policy strict-origin-when-cross-origin
    -Server
  }
}

slimcore.io, www.slimcore.io {
  root * /var/www/slimcore.io
  try_files {path} {path}/ /index.html
  file_server
  encode zstd gzip
  import security_headers

  # Pre-Launch: Basic-Auth fuer die ganze Site (User: demo / Pass: demo)
  # Entfernen, sobald die Seite oeffentlich gehen soll.
  basic_auth {
    demo $2a$14$FQAC7jJWZnGJzPxNtCIkWOSrYDazfp6/bZR9oNl8IoZmOTh89wF.6
  }
  # Solange die Site nicht oeffentlich ist, soll sie auch nicht indexiert werden:
  header X-Robots-Tag "noindex, nofollow"
}

digiformer.eu, www.digiformer.eu {
  root * /var/www/digiformer.eu
  try_files {path} {path}/ /index.html
  file_server
  encode zstd gzip
  import security_headers
}

slimsafe.io, www.slimsafe.io {
  root * /var/www/slimsafe.io
  try_files {path} {path}/ /index.html
  file_server
  encode zstd gzip
  import security_headers
}

fonboard.io, www.fonboard.io {
  root * /var/www/fonboard.io
  try_files {path} {path}/ /index.html
  file_server
  encode zstd gzip
  import security_headers
}

# Catch-all for unknown hostnames hitting the IP directly
:80 {
  respond "Not found" 404
}