security(caddy): harden the config
+ 24
- 0
@@ -1,6 +1,8 @@
 gitfoss.dev {
   tls {
     issuer zerossl [stripped]
+    protocols tls1.3 tls1.2
+    ciphers ECDHE-RSA-WITH-AES-256-GCM-SHA384
   }
   reverse_proxy gitfoss_web:1337 {
     header_up X-Real-IP {remote}
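Review bot: The suite name on the `ciphers` line is not in the form Caddy's `tls` block accepts — it expects Go-style identifiers such as `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`, and as far as I recall an unrecognized name is rejected when the Caddyfile is adapted, so this change would stop the whole site from loading rather than harden it. Listing a single ECDHE-RSA suite also means only an RSA certificate can complete a TLS 1.2 handshake; Caddy's ACME-managed certificates default to ECDSA keys unless configured otherwise, so if that is the case here every TLS 1.2 client would be refused (TLS 1.3 suites are not configurable in Go and are unaffected). Since Caddy's default TLS 1.2 suite list is already limited to ECDHE AEAD suites, I would keep `protocols tls1.2 tls1.3` and drop the `ciphers` line, or at minimum list both the `TLS_ECDHE_ECDSA_…` and `TLS_ECDHE_RSA_…` variants. The site block continues outside this hunk.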

...
@@ -8,9 +10,31 @@ gitfoss.dev {
     header_up X-Forwarded-Proto {remote}
     header_up Host {host}^
   }
+   header / {
+    -Server
+    X-Content-Type-Options nosniff
+    X-Frame-Options SAMEORIGIN
+    Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+  }
+  route /auth/login {
+    rate_limit {
+      zone login
+      limit 10r/m
+    }
+  }
+  route /auth/register {
+    rate_limit {
+      zone register
+      limit 10r/m
+    }
+  }
 }
 
 // www.gitfoss.dev, gitfoss.sk, gitfoss.tech {
 www.gitfoss.dev {
   redir https://gitfoss.dev{uri} 301
 }
+
+http:// {
+  redir https://{host}{uri} permanent
+}
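Review bot: `header / {` only applies to requests whose path is exactly `/`, because a Caddyfile path matcher without a trailing `*` is an exact match, so `-Server`, `X-Content-Type-Options`, `X-Frame-Options` and HSTS are missing from every other response; it should be `header {` (or `header /* {`) for the security headers to cover the whole site. `rate_limit` is not a core Caddy directive, so this config needs a build that includes the plugin plus an `order rate_limit before reverse_proxy` global option, and the `limit 10r/m` form does not match the caddy-ratelimit module's `zone <name> { key …; events <n>; window <duration> }` syntax — please verify against the plugin actually deployed, and give each zone a `key` such as `{remote_host}`, since without one the limit is, as I understand it, a single shared bucket for all clients rather than a per-client one. Consider a brief comment above the `route /auth/login` block stating that these are brute-force limits keyed per client and which plugin and version they target. The pre-existing context line `header_up X-Forwarded-Proto {remote}` passes the client address instead of the scheme; it is outside this change, but if the upstream uses that header for secure-cookie or redirect decisions a hardening pass is the place to make it `{scheme}`.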