first commit

infra/Caddyfile

@@ -0,0 +1,99 @@
+{
+    # Global Caddy options.
+    #
+    # auto_https on
+    #   - Caddy listens on port 80 for every host (ACME + redirect).
+    #   - Automatically issues HTTPS certificates.
+    #   - Automatically redirects HTTP → HTTPS unless disabled.
+    #
+}
+
+# ------------------------------------------------------------
+# Redirect www → root domain
+# ------------------------------------------------------------
+www.avaaz.ai {
+    # Permanent redirect to naked domain
+    redir https://avaaz.ai{uri} permanent
+}
+
+# ------------------------------------------------------------
+# Marketing site (optional — if frontend handles it, remove this)
+# Redirect root → app
+# ------------------------------------------------------------
+avaaz.ai {
+    # If you have a static marketing page, serve it here.
+    # If not, redirect visitors to the app.
+    redir https://app.avaaz.ai{uri}
+}
+
+# ------------------------------------------------------------
+# Frontend (Next.js)
+# Public URL: https://app.avaaz.ai
+# Internal target: frontend:3000
+# ------------------------------------------------------------
+app.avaaz.ai {
+    # Reverse-proxy HTTPS traffic to the frontend container
+    reverse_proxy frontend:3000
+
+    # Access log for debugging frontend activity
+    log {
+        output file /data/app-access.log
+    }
+
+    # Compression for faster delivery of JS, HTML, etc.
+    encode gzip zstd
+}
+
+# ------------------------------------------------------------
+# Backend (FastAPI)
+# Public URL: https://api.avaaz.ai
+# Internal target: backend:8000
+# ------------------------------------------------------------
+api.avaaz.ai {
+    # Reverse-proxy all API traffic to FastAPI
+    reverse_proxy backend:8000
+
+    # Access log — useful for monitoring API traffic and debugging issues
+    log {
+        output file /data/api-access.log
+    }
+
+    # Enable response compression (JSON, text, etc.)
+    encode gzip zstd
+}
+
+# ------------------------------------------------------------
+# LiveKit (signaling only — media uses direct UDP)
+# Public URL: wss://rtc.avaaz.ai
+# Internal target: livekit:7880
+# ------------------------------------------------------------
+rtc.avaaz.ai {
+    # LiveKit uses WebSocket signaling, so we reverse-proxy WS → WS
+    reverse_proxy livekit:7880
+
+    # Access log — helps diagnose WebRTC connection failures
+    log {
+        output file /data/rtc-access.log
+    }
+
+    # Compression not needed for WS traffic, but harmless
+    encode gzip zstd
+}
+
+# ------------------------------------------------------------
+# Gitea (Git server UI + HTTPS + SSH clone)
+# Public URL: https://git.avaaz.ai
+# Internal target: gitea:3000
+# ------------------------------------------------------------
+git.avaaz.ai {
+    # Route all HTTPS traffic to Gitea’s web UI
+    reverse_proxy gitea:3000
+
+    # Log all Git UI requests and API access
+    log {
+        output file /data/git-access.log
+    }
+
+    # Compress UI responses
+    encode gzip zstd
+}