diff --git a/conf/tresor.conf b/conf/tresor.conf
new file mode 100644
index 0000000..f254357
--- /dev/null
+++ b/conf/tresor.conf
@@ -0,0 +1,35 @@
+# Caddyfile for DigiErbe Tresor
+tresor.example.com {
+ #PHP
+ php_fastcgi unix//run/php/php-fpm.sock
+
+ # Root directory
+ root * /Pfad/Zu/DigiErbe/Tresor/public
+
+ # Authentication
+ basic_auth / {
+ username $2a$14$SetHashedPasswordHere
+ }
+
+ # Activate file server in Caddy
+ file_server
+
+ # Redirect all requests to index.php
+ try_files {path} /index.php
+
+ # Security headers
+ header {
+ -Server
+ X-Content-Type-Options "nosniff"
+ X-Frame-Options "DENY"
+ X-XSS-Protection "1; mode=block"
+ }
+
+ # Add authenticated username as HTTP Header to the request
+ header_down +X-WEBAUTH-USER {http.auth.user.id}
+
+ # Protokoll
+ log {
+ output file /var/log/caddy/DigiErbe/tresor.log
+ }
+}
\ No newline at end of file
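Review bot: `basic_auth / {` covers only the exact path `/`, because a Caddy v2 path matcher matches exactly unless it contains a wildcard, so `/index.php` and every file served by `file_server` stay reachable without credentials. Drop the matcher (`basic_auth {`) or write `basic_auth /* {` so the whole site is behind the login. Separately, `header_down` is a `reverse_proxy` subdirective that edits the response going back to the client, so at site level it will most likely be rejected when the config loads and in any case does not do what the comment above it says. To pass the user name to PHP, `request_header X-WEBAUTH-USER {http.auth.user.id}` sets the header on the request and overwrites any value the client sent, which matters if the application trusts that header.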