{
	storage s3 {
		host "{env.PAGES_STORAGE_S3_ENDPOINT}"
		access_id "{env.PAGES_STORAGE_S3_ACCESS_KEY_ID}"
		secret_key "{env.PAGES_STORAGE_S3_SECRET_ACCESS_KEY}"
		bucket "{env.PAGES_STORAGE_S3_BUCKET}"
		prefix "ssl"
	}

	admin off

	persist_config off

	email {env.ACME_EMAIL}

	auto_https disable_redirects

	on_demand_tls {
		permission http http://localhost:3001
	}
}

https://, http:// {
	tls {
		on_demand
	}

	# initial PUT/POST for a new domain has to happen over HTTP
	@upgrade `method('GET') && protocol('http')`
	redir @upgrade https://{host}{uri} 301

	reverse_proxy http://localhost:3000
	header Alt-Svc `h3=":443"; persist=1, h2=":443"; persist=1`
	encode
}
