site/proxy/Caddyfile

# Global options
{
	# Disable auto HTTPS since we're using existing certificates
	auto_https off
}

# HTTP to HTTPS redirect
:80 {
	redir https://{host}{uri} permanent
}

# Main domain - oily.dad and www.oily.dad
oily.dad, www.oily.dad {
	# Root directory (not strictly needed for reverse proxy)
	root * /var/www/html

	# Use existing SSL certificates
	tls /etc/letsencrypt/live/oily.dad/fullchain.pem /etc/letsencrypt/live/oily.dad/privkey.pem

	# Onion-Location header
	header Onion-Location http://oilydada7ckiseinkbeathsefwgkvjrce743xy7x7iiybkuxh4vheead.onion{path}

	# Reverse proxy to backend
	reverse_proxy http://backend:8000 {
		# Preserve original host header
		header_up Host {host}
		header_up X-Real-IP {remote}
		# X-Forwarded-For and X-Forwarded-Proto are set automatically by Caddy
	}
}

# Subdomain for Gitea - gut.oily.dad
gut.oily.dad {
	# Root directory (not strictly needed for reverse proxy)
	root * /var/www/html

	# Use existing SSL certificates
	tls /etc/letsencrypt/live/oily.dad/fullchain.pem /etc/letsencrypt/live/oily.dad/privkey.pem

	# Reverse proxy to Gitea
	reverse_proxy http://gitea:3000 {
		# WebSocket support for Gitea
		header_up Connection {>Connection}
		header_up Upgrade {>Upgrade}

		# Preserve original headers
		header_up Host {host}
		header_up X-Real-IP {remote}
		# X-Forwarded-For and X-Forwarded-Proto are set automatically by Caddy
	}
}

# Subdomain for Stump (comics/books) - book.oily.dad
book.oily.dad {
	# Root directory (not strictly needed for reverse proxy)
	root * /var/www/html

	# Use existing SSL certificates
	tls /etc/letsencrypt/live/oily.dad/fullchain.pem /etc/letsencrypt/live/oily.dad/privkey.pem

	# Reverse proxy to Stump
	reverse_proxy http://stump:10801 {
		# WebSocket support for Stump (if needed)
		header_up Connection {>Connection}
		header_up Upgrade {>Upgrade}

		# Preserve original headers
		header_up Host {host}
		header_up X-Real-IP {remote}
		# X-Forwarded-For and X-Forwarded-Proto are set automatically by Caddy
	}
}