@@ 1,1 1,57 @@
+(common_opts) {
+ encode zstd gzip
+ # zerossl config
+ tls {
+ import zerossl-api
+ }
+# tls hostmaster@searx.is
+
+ header {
+ # Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
+ Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+
+ # Enable cross-site filter (XSS) and tell browser to block detected attacks
+ X-XSS-Protection "1; mode=block"
+
+ # Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
+ X-Content-Type-Options nosniff
+
+ # Disallow the site to be rendered within a frame (clickjacking protection)
+ X-Frame-Options SAMEORIGIN
+
+ # Disable some features
+ Permissions-Policy "accelerometer=(),ambient-light-sensor=(),autoplay=(),camera=(),encrypted-media=(),focus-without-user-activation=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),speaker=(),sync-xhr=(),usb=(),vr=()"
+
+ # Disable some features (legacy)
+ Feature-Policy "accelerometer 'none';ambient-light-sensor 'none'; autoplay 'none';camera 'none';encrypted-media 'none';focus-without-user-activation 'none'; geolocation 'none';gyroscope 'none';magnetometer 'none';microphone 'none';midi 'none';payment 'none';picture-in-picture 'none'; speaker 'none';sync-xhr 'none';usb 'none';vr 'none'"
+
+ # Referer
+ Referrer-Policy "no-referrer"
+
+ # X-Robots-Tag
+ X-Robots-Tag "noindex, noarchive, nofollow"
+
+ # Remove Server header
+ -Server
+
+ # Allow caching up to a week
+ Cache-Control max-age=31536000
+ }
+}
+
+searx.is {
+ reverse_proxy localhost:8080
+ import common_opts
+}
+
+docs.searx.is {
+ root * /public_html
+ file_server
+ import common_opts
+}
+
+nostr.searx.is {
+ reverse_proxy localhost:7000
+ import common_opts
+}