# Caddyfile — Cyrene AI 助手平台反向代理
# Caddy version: 2.x

{
	# 全局配置
	email {$ACME_EMAIL:admin@localhost}
	admin off
}

# 默认站点
:80 {
	# 访问日志
	log {
		output stdout
		format json
	}

	# 安全头
	header {
		X-Content-Type-Options "nosniff"
		X-Frame-Options "DENY"
		X-XSS-Protection "1; mode=block"
		Referrer-Policy "strict-origin-when-cross-origin"
		# 生产环境启用 HSTS
		# Strict-Transport-Security "max-age=31536000; includeSubDomains"
	}

	# WebSocket 路由 (需放在 API 路由之前以匹配优先级)
	handle_path /ws/* {
		reverse_proxy gateway:8080 {
			# WebSocket 支持
			header_up Host {http.request.host}
		}
	}

	# API 路由 → Gateway
	handle_path /api/* {
		reverse_proxy gateway:8080 {
			header_up Host {http.request.host}
			header_up X-Forwarded-For {http.request.remote.host}
			header_up X-Forwarded-Proto {http.request.scheme}
		}
	}

	# 前端静态文件 (未来可改为反代到 frontend 容器)
	handle {
		# 默认响应 — 前端尚未部署时使用
		respond "Cyrene AI Platform — Frontend coming soon." 200
	}
}
