#!/usr/bin/caddy run --environ --watch --config /etc/caddy/Caddyfile
# Caddy configuration for sharnoby.eu.org and its subdomains: one wildcard site
# that serves static files, proxies several localhost services by subdomain, and
# exposes a file browser/WebDAV host.
#
# NOTE(review): `--environ` makes `caddy run` print the process environment at
# startup. CF_API_TOKEN is supplied through the environment (see `acme_dns`
# below), so its value is written to wherever stdout is collected.
# NOTE(review): on Linux the text after the interpreter path in a shebang is
# passed as a single argument; confirm this line is really how Caddy is started.

# ---- Global options ----
{
	# Debug-level logging for the default logger; verbose on a public instance.
	debug
	# Contact address for the ACME account.
	email "ca@sharnoby.eu.org"
	# TLS handshakes that carry no SNI are treated as if they asked for "localhost".
	default_sni localhost
	# Do not try to install the local CA root into the system trust store.
	skip_install_trust
	# Disables OCSP stapling for all certificates.
	ocsp_stapling off
	# Solve ACME challenges via DNS using the cloudflare provider module; the token
	# is read from the environment at runtime and never stored in this file.
	# NOTE(review): scope the token to DNS edits on this one zone — confirm.
	acme_dns cloudflare {env.CF_API_TOKEN}
	# dns cloudflare {env.CF_API_TOKEN}
	# ech ech.sharnoby.eu.org
	# Admin API on a unix socket rather than a TCP port. {$HOME} is substituted
	# from the environment when the file is parsed.
	# NOTE(review): if HOME is /home/lan, this socket lives inside the tree served
	# by the `files` host below — confirm.
	admin unix/{$HOME}/.config/caddy/caddy-admin.sock
	# Run reverse_proxy and file_server ahead of respond, so the bare
	# `respond {labels.3}` in the wildcard site acts only as a fallback.
	order reverse_proxy before respond
	order file_server before respond
	# When the ACME CA offers several chains, prefer the smallest one.
	preferred_chains smallest
	# Display name for Caddy's internal ("local") CA.
	pki {
		ca local {
			name "Sharnoby CA"
		}
	}
	log {
		# exclude http.auto_https pki.ca.local admin.api
		format console
	}
}

# Not shown here. The `auth` and `auth_old` snippets imported further down are
# presumably defined in this file — confirm.
import auth.caddyfile

# (host NAME): defines matcher @NAME for the host NAME.sharnoby.eu.org.
(host) {
	@{args[0]} host {args[0]}.sharnoby.eu.org
}

# (reverse_host NAME UPSTREAM...): as (host), and proxies matching requests to
# the remaining arguments.
(reverse_host) {
	@{args[0]} host {args[0]}.sharnoby.eu.org
	reverse_proxy @{args[0]} {args[1:]}
}

# (error): a 502 gets a Refresh header that reloads "/" after one second plus a
# short body; every other error gets a generic status line.
(error) {
	handle_errors {
		@502 `{err.status_code} == 502`
		header @502 Refresh "1; url=/"
		respond @502 "Temporarily Unavailable"
		respond "Caddy Error : {err.status_code} {err.status_text}"
	}
}

# (websockets): defines @websockets for upgrade requests. It is not imported
# anywhere in this file.
(websockets) {
	@websockets {
		header Connection *Upgrade*
		header Upgrade websocket
	}
}

# Site for port 443 with no hostname; answers with a greeting that includes the
# local host address.
# NOTE(review): this site is bound to :443 only, so @unsecure (local port 80)
# looks unreachable — confirm.
:443 {
	@unsecure "{http.request.local.port} == 80"
	@secure "{http.request.local.port} == 443"
	respond @unsecure "Hello Unsecure {http.request.local.host}" 203
	respond @secure "Hello Secure {http.request.local.host}" 203
}

# localhost is served with a certificate from the internal CA.
localhost {
	tls {
		# Keeps the same private key across renewals. Caddy's default is a new key
		# per certificate, which limits how long a leaked key stays useful.
		reuse_private_keys
		issuer internal
	}
	respond "Hello localhost" 203
}

# Apex and wildcard site. {labels.3} is the fourth host label counted from the
# right, i.e. the subdomain part of <sub>.sharnoby.eu.org; it is empty on the apex.
sharnoby.eu.org, *.sharnoby.eu.org {
	tls {
		# Same key-reuse trade-off as on the localhost site.
		reuse_private_keys
	}
	encode gzip
	root * /home/lan/.config/www
	import error
	# Fallback when no handle/reverse_proxy/file_server below takes the request:
	# echoes the subdomain label back to the client.
	respond {labels.3}

	# Apex: every path is rewritten to index.html, which is rendered through
	# `templates`, so template actions in that file are evaluated server-side.
	@mainDomain `{labels.3} == ""`
	handle @mainDomain {
		templates
		file_server
		rewrite * index.html
	}

	# config.<domain>: directory listing of the site root, also with templates.
	# NOTE(review): no auth snippet is imported for @config in this file — confirm
	# the listing is meant to be public.
	import host config
	handle @config {
		encode gzip
		file_server browse {
			# presumably set so the listing is shown instead of an index file — confirm
			index .
		}
		templates
	}

	# code-80NN.<domain> is proxied to localhost:80NN. The regexp is anchored, so
	# only ports 8000-8099 can be selected, but any service listening in that
	# range becomes reachable through the wildcard host.
	# NOTE(review): no auth snippet is applied to @code_ports here.
	@code_ports vars_regexp {labels.3} ^code-(80\d{2})$
	reverse_proxy @code_ports localhost:{http.regexp.1}

	# Subdomain -> local service. Only `ghost` and `files` import an auth snippet
	# in this file; the others depend on whatever login the upstream enforces.
	import reverse_host code localhost:8443
	# import reverse_host supabase localhost:7000
	# import reverse_host portainer localhost:10000
	# import reverse_host dockge localhost:5000
	# import reverse_host chromium localhost:10001
	# import reverse_host pgadmin localhost:10002
	import reverse_host cloud localhost:10003
	import reverse_host webtop localhost:10004
	import reverse_host transmission localhost:9091
	import reverse_host watch localhost:9096

	# cloud.<domain>: service-discovery redirects (the /remote.php/dav targets look
	# like Nextcloud — confirm) and an HSTS header of 15552000 s (180 days).
	# HSTS is set only on this host; no other host in this file sends it.
	route @cloud {
		redir /.well-known/carddav /remote.php/dav 301
		redir /.well-known/caldav /remote.php/dav 301
		redir /.well-known/webfinger /index.php/.well-known/webfinger 301
		redir /.well-known/nodeinfo /index.php/.well-known/nodeinfo 301
		header +Strict-Transport-Security "max-age=15552000; includeSubDomains"
	}

	# import host php
	# root @php /home/ubuntu/docker/php/wordpress/
	# php_fastcgi @php localhost:9000 {
	# root /var/www/html/
	# }
	# file_server @php
	# import reverse_host php localhost:9000

	import reverse_host ghost localhost:9095
	import auth_old ghost

	# files.<domain>: GET requests get a browsable listing of /home/lan with
	# dot-entries hidden; every other method (HEAD, PUT, DELETE, PROPFIND, ...) is
	# passed to the webdav handler, a non-standard module.
	# NOTE(review): confirm that the directive `auth` expands to is ordered before
	# `handle`, otherwise it does not gate this block.
	# NOTE(review): `hide .*` is a file_server option; whether webdav applies an
	# equivalent filter is not visible here. The WebDAV root /home/lan contains
	# the template-rendered web root /home/lan/.config/www and, presumably, other
	# dot-directories. A narrower root would keep write access away from them.
	import host files
	import auth files
	handle @files {
		root * /home/lan
		file_server browse {
			hide .*
			index .
		}
		@notget not method GET
		route @notget {
			webdav
		}
	}
}