# Caddyfile — serve static frontend, proxy /api + /ws to backend
# handle blocks are mutually exclusive + ordered: API/WS first, static last.
# (try_files at site level would rewrite /api/* → /index.html before proxy.)

{
	# admin off for docker
	admin off
}

:80 {
	encode gzip

	# REST API → backend service (path preserved: /api/doc etc.)
	handle /api/* {
		reverse_proxy backend:4001 {
			header_up Host {host}
		}
	}

	# WebSocket upgrade → backend
	handle /ws {
		reverse_proxy backend:4001
	}

	# Everything else: static SPA with client-side routing fallback
	handle {
		root * /srv
		try_files {path} /index.html
		file_server
	}

	# HTTP basic auth (in-house only). Uncomment + set CADDY_BASIC_AUTH env.
	# basic_auth {
	# 	{$CADDY_BASIC_AUTH}
	# }
}
