{
	#debug
	order replace after encode
}

(log) {
	log {
		output file /log/{args[0]}/access.log {
			roll_size 100MiB
			roll_local_time
			roll_keep 10
			roll_keep_for 2160h
		}
	}
}

(common) {
	header Host {host}
	header X-Real-IP {remote_host}
	header X-Forwarded-For {remote_host}
	header X-Forwarded-Proto {scheme}

	request_body {
		max_size 50MB
	}
}

(ratelimit) {
	rate_limit {
		zone dynamic_zone {
			key {client_ip}
			events 50
			window 1s
		}
		log_key
	}
}

(geo_only_allow_country) {
	@only_allow_country_geofilter {
		not {
			maxmind_geolocation {
				db_path "/config/geodb/GeoLite2-Country.mmdb"
				allow_countries {args[0]}
			}
		}
	}

	respond @only_allow_country_geofilter "You are blocked" 403
}

(geo_not_allow_country) {
	@not_allow_country_geofilter {
		maxmind_geolocation {
			db_path "/config/geodb/GeoLite2-Country.mmdb"
			allow_countries {args[0]}
		}
	}

	respond @not_allow_country_geofilter "You are blocked" 403
}

:443 {
	tls internal
	respond 404
}

import /conf/*.caddyfile