Oh dear… I have no idea how I came up with this, but this is the config which works.
{
debug
}
sub.domain.com {
tls /etc/ssl/cert.pem /etc/ssl/key.pem
encode gzip
root * /www
@ipfilter {
not remote_ip 192.168.100.0/24
}
respond @ipfilter 403
@zxp path_regexp myregex ^/([zx]p?)/(.*)/(.+\.(?:gif|jpe?g|png|txt|html?|css|js))$
rewrite @zxp /{re.myregex.1}/{re.myregex.2}/img/{re.myregex.3}
file_server @zxp {
root @zxp /mnt
}
file_server *
log {
output stdout
format single_field common_log
}
header Strict-Transport-Security max-age=31536000;
}
If someone could explain my why, I’d appreciate.