Setup a site with https (with redirect) serving files from /var/www/html/kota.nz with zstd or gzip and redirecting the www prefix.

www.kota.nz {
	redir https://kota.nz{uri}
}

kota.nz {
	root * /var/www/html/kota.nz
	encode zstd gzip
	log {
		output file /var/log/caddy/kota.nz.log
	}
	header {
		# disable FLoC tracking
		Permissions-Policy interest-cohort=()

		# enable HSTS
		Strict-Transport-Security max-age=31536000;

		# disable clients from sniffing the media type
		X-Content-Type-Options nosniff

		# clickjacking protection
		X-Frame-Options DENY

		# keep referrer data off
		Referrer-Policy no-referrer

		# disable scripts and other nasties
		Content-Security-Policy "default-src 'none'; style-src 'self'; img-src 'self'; media-src 'self'; frame-ancestors 'none'; base-uri 'none'; manifest-src 'self'; upgrade-insecure-requests;"
	}
	route {
		header Cache-Control max-age=3600
		header /main.*.css Cache-Control "max-age=31536000, immutable"
		header /favicon.*.png Cache-Control "max-age=31536000, immutable"
	}
	file_server
}

proxy

lists.nilsu.org {
	reverse_proxy * localhost:4000
	encode zstd gzip
	log {
		output file /var/log/caddy/lists.nilsu.org.log
	}
}