# Caddyfile

{
# Global options
  servers {
            metrics
          }
}

# Define the site

app.mo-code.at:4000, :4000 {
# Root directory for static files
  root * /usr/share/caddy

# Access Logs (JSON format for Docker)
  log {
        output stdout
        format json
      }

# Enable Gzip/Zstd compression
  encode gzip zstd

# Templates for runtime configuration (config.json)
  templates {
              mime application/json
            }

# Cache Control for static assets (immutable)
  @static {
            file
            path *.js *.css *.png *.jpg *.svg *.wasm
          }
  header @static Cache-Control "public, max-age=31536000, immutable"

# Security Headers
  header {
           Cross-Origin-Opener-Policy "same-origin"
           Cross-Origin-Embedder-Policy "require-corp"
           X-Content-Type-Options "nosniff"
           X-Frame-Options "DENY"
           Referrer-Policy "strict-origin-when-cross-origin"
           Permissions-Policy "camera=(), microphone=(), geolocation=()"
         }

# --- ROUTING LOGIC ---

# 1. API Proxy
  handle /api/* {
                  reverse_proxy api-gateway:8081
                }

# 2. Health Check
  handle /health {
                   respond "healthy" 200
                 }

# 3. Static Files & SPA Fallback
  handle {
           try_files {path} /index.html
           file_server
         }
}