# Backends
backend default
  tcp-request content reject

backend letsencrypt
  server certbot 127.0.0.1:8899

backend laminar
  # set HSTS for one year after all responses
  http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
  # add some Security headers
  http-response set-header X-Frame-Options "SAMEORIGIN"
  http-response set-header X-Content-Type-Options "nosniff"
  http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
  http-response set-header Cross-Origin-Resource-Policy "same-origin"
  server laminar laminar.incus:8080 check

backend forgejo
  # set HSTS for one year after all responses
  http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
  # add some Security headers
  http-response set-header X-Frame-Options "SAMEORIGIN"
  http-response set-header X-Content-Type-Options "nosniff"
  http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
  http-response set-header Cross-Origin-Resource-Policy "same-origin"
  server forgejo forgejo.incus:3000 check

backend forgejo
  # set HSTS for one year after all responses
  http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
  # add some Security headers
  http-response set-header X-Frame-Options "SAMEORIGIN"
  http-response set-header X-Content-Type-Options "nosniff"
  http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
  http-response set-header Cross-Origin-Resource-Policy "same-origin"
  server mastodon mastodon.incus:80 send-proxy check