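# Caddyfile for HR AI with automatic HTTPS.
# DOMAIN selects the site address; it falls back to localhost when unset.
{$DOMAIN:localhost} {
	# Backend API routes
	handle /api/* {
		reverse_proxy backend:8000
	}

	# Health check endpoint
	handle /health {
		reverse_proxy backend:8000
	}

	# OpenAPI docs
	# NOTE(review): these three routes publish the complete API schema and an
	# interactive console to anyone who can reach the site. Confirm that is
	# intended for production; otherwise restrict them (authentication or a
	# client-IP matcher) or disable the docs in the backend.
	handle /docs {
		reverse_proxy backend:8000
	}
	handle /redoc {
		reverse_proxy backend:8000
	}
	handle /openapi.json {
		reverse_proxy backend:8000
	}

	# Frontend - proxy everything else to Next.js
	handle {
		reverse_proxy frontend:3000
	}

	# Enable gzip compression
	encode gzip

	# Security headers (applied to every response from this site)
	header {
		# includeSubDomains + preload commit every subdomain to HTTPS for a
		# year; make sure all of them serve TLS before submitting for preload.
		Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
		X-Content-Type-Options "nosniff"
		X-Frame-Options "DENY"
		# Ignored by current browsers; a Content-Security-Policy is the
		# effective control against script injection.
		X-XSS-Protection "1; mode=block"

		# CORS: the frontend and the API share this origin, so cross-origin
		# access is limited to the site itself instead of "*". A wildcard
		# combined with an allowed Authorization header lets a page on any
		# origin read API responses. Assumes DOMAIN holds one bare hostname;
		# if another origin must call the API, name it here explicitly.
		Access-Control-Allow-Origin "https://{$DOMAIN:localhost}"
		Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
		Access-Control-Allow-Headers "Content-Type, Authorization"
	}

	# Logging
	# Access logs record client IPs and request URIs; treat the file as
	# sensitive (restricted permissions, defined retention).
	log {
		output file /var/log/caddy/access.log
		format json
	}
}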