Another vector for the injection vulnerability found

for completeness sake

the caddy changes if you use that (like meeeee)

media.myinstance.live {
        handle /media/* {
                reverse_proxy 127.0.0.1:4000 {
                        transport http {
                                response_header_timeout 10s
                                read_timeout 15s
                        }
                }
        }

    handle /proxy/* {
                reverse_proxy 127.0.0.1:4000 {
                        transport http {
                                response_header_timeout 10s
                                read_timeout 15s
                        }
                }
        }
}

…
then in main block

handle /media/* {
                redir https://media.myinstance.live{uri} permanent
 }

handle /proxy/* {
                redir https://media.myinstance.live{uri} permanent
 }