# VidRip Caddyfile
# This configuration serves the frontend and proxies API requests to the backend
#
# NOTE: This file will be auto-generated by start-production.sh if it doesn't exist.
#       The script will prompt you for your domain name.
#
# Manual Usage:
#   1. Install Caddy: https://caddyserver.com/docs/install
#   2. Update 'your-domain.com' below with your actual domain
#   3. Run: caddy run (for testing) or caddy start (background)
#   4. Or use systemd service (see DEPLOYMENT.md)
#
# Features:
#   - Automatic HTTPS with Let's Encrypt
#   - Reverse proxy to backend API
#   - Static file serving for frontend
#   - Compression enabled
#   - Security headers

# Replace with your domain or use :80 for localhost
your-domain.com {
    # Enable compression
    encode gzip zstd

    # Security headers
    header {
        # Enable HSTS (forces HTTPS)
        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
        # Prevent clickjacking
        X-Frame-Options "SAMEORIGIN"
        # Prevent MIME type sniffing
        X-Content-Type-Options "nosniff"
        # Enable XSS protection
        X-XSS-Protection "1; mode=block"
        # Referrer policy
        Referrer-Policy "strict-origin-when-cross-origin"
        # Remove server header for security
        -Server
    }

    # API routes - proxy to backend
    handle /api/* {
        reverse_proxy localhost:3001 {
            # Health check
            health_uri /api/health
            health_interval 10s
            health_timeout 5s

            # Headers
            header_up Host {host}
            header_up X-Real-IP {remote_host}
            header_up X-Forwarded-For {remote_host}
            header_up X-Forwarded-Proto {scheme}
        }
    }

    # Serve frontend static files
    handle {
        # Root directory is the frontend build output
        root * /var/www/vidrip

        # Try files first, fall back to index.html for SPA routing
        try_files {path} /index.html

        # Serve files
        file_server

        # Cache static assets
        @static {
            path *.js *.css *.woff *.woff2 *.ttf *.eot *.ico *.png *.jpg *.jpeg *.gif *.svg *.webp
        }
        header @static {
            Cache-Control "public, max-age=31536000, immutable"
        }

        # Don't cache index.html
        @html {
            path *.html
        }
        header @html {
            Cache-Control "no-cache, no-store, must-revalidate"
        }
    }

    # Logging
    log {
        output file /var/log/caddy/vidrip-access.log {
            roll_size 100mb
            roll_keep 10
        }
        format json
    }
}

# Alternative configuration for local development/testing without a domain
# Uncomment this and comment out the domain configuration above
# :80 {
#     encode gzip zstd
#
#     handle /api/* {
#         reverse_proxy localhost:3001
#     }
#
#     handle {
#         root * /var/www/vidrip
#         try_files {path} /index.html
#         file_server
#     }
#
#     log {
#         output stdout
#     }
# }