www.api-index.org {
	reverse_proxy portal-a:8081 portal-b:8081 {
		lb_policy       first
		health_uri      /q/health/live
		health_interval 5s
		fail_duration   30s
	}
	header Strict-Transport-Security "max-age=31536000; includeSubDomains"
}

api-index.org {
	reverse_proxy registry-a:8180 registry-b:8180 {
		lb_policy       first
		health_uri      /q/health/live
		health_interval 5s
		fail_duration   30s
	}

	header {
		Strict-Transport-Security "max-age=31536000; includeSubDomains"
		X-Content-Type-Options "nosniff"
		X-Frame-Options "DENY"
		-Server
	}

	log {
		output file /var/log/caddy/api-index.log
		format json
	}
}

demo.api-index.org {
	reverse_proxy demo-a:8083 demo-b:8083 {
		lb_policy       first
		health_uri      /q/health/live
		health_interval 5s
		fail_duration   30s
	}
	header Strict-Transport-Security "max-age=31536000; includeSubDomains"
	header X-Content-Type-Options "nosniff"
	header -Server
}

git.api-index.org {
	reverse_proxy gitea:3001
	header Strict-Transport-Security "max-age=31536000; includeSubDomains"
	header -Server
}

# grafana.api-index.org — access via SSH tunnel for now:
#   ssh -L 3000:localhost:3000 deploy@204.168.156.179
# Uncomment when DNS record is added and bcrypt hash is generated:
#   caddy hash-password --plaintext <password>
# grafana.api-index.org {
# 	basic_auth {
# 		admin $2a$14$REPLACE_WITH_BCRYPT_HASH
# 	}
# 	reverse_proxy grafana:3000
# 	header Strict-Transport-Security "max-age=31536000; includeSubDomains"
# }
