(cache_enabler) {
	@cache_enabler {
		not header_regexp Cookie "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_logged_in"
		not path_regexp "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(index)?.xml|[a-z0-9-]+-sitemap([0-9]+)?.xml)"
		not method POST
		not expression {query} != ''
	}

	route @cache_enabler {
		try_files /wp-content/cache/cache-enabler/{host}{uri}/https-index.html /wp-content/cache/cache-enabler/{host}{uri}/index.html {path} {path}/index.php?{query}
	}
}

(wordpress_security) {
	@forbidden {
		not path /wp-includes/ms-files.php
		path /wp-admin/includes/*.php
		path /wp-includes/*.php
		path /wp-config.php
		path /wp-content/uploads/*.php
		path /.user.ini
		path /wp-content/debug.log
	}
	respond @forbidden "Access denied" 403
}

{$SERVER_NAME} {
	root * /var/www/html
	encode zstd gzip

	# Serve WordPress PHP files through php-fpm:
	php_fastcgi wordpress:9000

	# Enable the static file server:
	file_server {
		precompressed gzip
	}
	header / {
		X-Frame-Options "SAMEORIGIN"
		X-Content-Type-Options "nosniff"
	}

	import cache_enabler
	import wordpress_security
}
