(LOG) {
    log {
        format json  {
            time_format "iso8601"
        }
        output file "{args[0]}" {
            roll_size 100mb
            roll_keep 3
            roll_keep_for 7d
        }
    }
}

(TLS) {
    # TLS 配置采用 https://mozilla.github.io/server-side-tls/ssl-config-generator/ 生成，SSL Labs 评分 A+
    protocols tls1.2 tls1.3
    ciphers TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
}

(HSTS) {
    # HSTS (63072000 seconds)
    header / Strict-Transport-Security "max-age=63072000"
}


# 聚合上面的配置片段为新的片段
(COMMON_CONFIG) {
    encode zstd gzip

    tls {
        import TLS
    }

    import HSTS
}


import /srv/*.caddy
