Caddyfile: No global matchers

docs/example-advanced.caddy.conf

@@ -8,12 +8,6 @@
 #   installation (http server by the Nodejs process). If you are using CryptPad
 #   in production and require professional support please contact sales@cryptpad.fr
 
-@trustedProxies {
-	# Force Caddy to accept `X-Forwarded-For` and other origin headers.
-	# Modify the line below if you want to restrict the scope of direct downstream sending these headers.
-	trusted_proxies 0.0.0.0/0 ::/0
-}
-
 # Caddy does not have variables for server names, so domains need to be hardcoded.
 # You can bulk replace "your-main-domain.com" and "your-sandbox-domain.com" safely.
 your-main-domain.com:443,
@@ -139,6 +133,12 @@ your-sandbox-domain.com:443 {
 	}
 	header @fileModuleJS Content-Type "application/javascript"
 	
+	@trustedProxies {
+		# Force Caddy to accept `X-Forwarded-For` and other origin headers.
+		# Modify the line below if you want to restrict the scope of direct downstream sending these headers.
+		trusted_proxies 0.0.0.0/0 ::/0
+	}
+	
 	# The Node.js process can handle all traffic, whether accessed over websocket or as static assets.
 	# We prefer to serve static content from Caddy directly, and to leave the API server to handle the
 	# the dynamic content that only it can manage. This is primarily for optimization.