diff --git a/caddy/Caddyfile b/caddy/Caddyfile
index 5156d4e..87ca933 100644
--- a/caddy/Caddyfile
+++ b/caddy/Caddyfile
@@ -74,12 +74,10 @@ uptime.sauravdhakal.com.np {
 }
 # -----------------------------------------------
-# Gitea — DUAL MODE
-# Public: Web UI (read-only via matchers)
-# Private: Full access (SSH + push/pull via VPN)
+# Gitea — PUBLIC WEB UI
+# Gitea's built-in auth handles write restrictions
 # -----------------------------------------------
-# PUBLIC Gitea Web UI
 gitea.sauravdhakal.com.np {
 # Allow public access (no bind = all interfaces)
@@ -90,31 +88,12 @@ gitea.sauravdhakal.com.np {
 Referrer-Policy strict-origin-when-cross-origin
 }
- # Restrict dangerous endpoints on public access
- # Block only git PUSH operations (write), allow clone (read)
- @publicDangerous {
- path /api/v1/repos/*/archive/*
- path /repos/*/archive/*
- path /*/git-receive-pack
- }
-
- handle @publicDangerous {
- respond 403
- }
-
- # Allow everything else (UI, API read, etc)
 reverse_proxy localhost:3000 {
 header_up X-Real-IP {remote_host}
 header_up X-Forwarded-For {remote_host}
 }
 }
-# PRIVATE Gitea (Full Access via VPN)
-gitea-private.sauravdhakal.com.np {
- bind 100.81.85.182
- reverse_proxy localhost:3000
-}
-
 # Woodpecker CI — VPN only
 ci.sauravdhakal.com.np {
 bind 100.81.85.182
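Review bot: With the `@publicDangerous` matcher gone, the public site block passes every path to `localhost:3000`, including `/*/git-receive-pack` and the archive endpoints, so Gitea's own configuration is now the only control on this host, and nothing in the Caddyfile records which settings that depends on. The header comment "Gitea's built-in auth handles write restrictions" should name them so a later reader can verify the assumption. For example, add above `reverse_proxy`: `# No edge filtering: relies on Gitea app.ini ([service] DISABLE_REGISTRATION, REQUIRE_SIGNIN_VIEW) — verify before changing`, adjusted to whatever the instance actually sets, which is not visible in this diff. If the archive paths were blocked to limit load from anonymous clients rather than to stop writes, that reason is lost with this removal and deserves its own comment or a retained matcher. The `gitea.sauravdhakal.com.np` block opens outside this hunk.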