# Synor Hosting - Caddy Configuration
# Automatic HTTPS with Let's Encrypt

# Global options
{
    # Email for Let's Encrypt
    email admin@synor.cc

    # Use staging for testing (uncomment)
    # acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
}

# Wildcard certificate for *.synor.cc
*.synor.cc {
    # Reverse proxy to hosting gateway
    reverse_proxy hosting-gateway:8080

    # Logging
    log {
        output stdout
        format json
    }

    # Security headers
    header {
        X-Content-Type-Options nosniff
        X-Frame-Options SAMEORIGIN
        Referrer-Policy strict-origin-when-cross-origin
        -Server
    }

    # Compression
    encode gzip zstd
}

# Main domain
synor.cc {
    # Redirect to www or serve landing page
    reverse_proxy hosting-gateway:8080

    log {
        output stdout
        format json
    }

    header {
        X-Content-Type-Options nosniff
        X-Frame-Options SAMEORIGIN
        Referrer-Policy strict-origin-when-cross-origin
        -Server
    }

    encode gzip zstd
}

# Health check endpoint (internal)
:80 {
    respond /health 200

    # Forward all other requests
    handle {
        reverse_proxy hosting-gateway:8080
    }
}