https://matrix.DOMAIN {
	# If you use your own certificates, your path may differ
	# If you wish to use Caddy's built-in Let's Encrypt support, you can also supply an email address here
	tls /matrix/ssl/config/live/matrix.DOMAIN/fullchain.pem /matrix/ssl/config/live/matrix.DOMAIN/privkey.pem

	root /matrix/static-files

	header / {
		Access-Control-Allow-Origin *
		Strict-Transport-Security "mag=age=31536000;"
		X-Frame-Options "DENY"
		X-XSS-Protection "1; mode=block"
	}

	# Identity server traffic
	proxy /_matrix/identity matrix-ma1sd:8090 {
		transparent
	}
	proxy /_matrix/client/r0/user_directory/search matrix-ma1sd:8090 {
		transparent
	}

	# Synapse Client<>Server API
	proxy /_matrix matrix-synapse:8008 {
		transparent
		except /_matrix/identity/ /_matrix/client/r0/user_directory/search
	}
	proxy /_synapse/client matrix-synapse:8008 {
		transparent
	}
}