{
    # Global Caddy options.
    #
    # auto_https on
    #   - Caddy listens on port 80 for every host (ACME + redirect).
    #   - Automatically issues HTTPS certificates.
    #   - Automatically redirects HTTP → HTTPS unless disabled.
    #
}

# ------------------------------------------------------------
# Redirect www → root domain
# ------------------------------------------------------------
www.avaaz.ai {
    # Permanent redirect to naked domain
    redir https://avaaz.ai{uri} permanent
}

# ------------------------------------------------------------
# Marketing site (optional — if frontend handles it, remove this)
# Redirect root → app
# ------------------------------------------------------------
avaaz.ai {
    # If you have a static marketing page, serve it here.
    # If not, redirect visitors to the app.
    redir https://app.avaaz.ai{uri}
}

# ------------------------------------------------------------
# Frontend (Next.js)
# Public URL: https://app.avaaz.ai
# Internal target: frontend:3000
# ------------------------------------------------------------
app.avaaz.ai {
    # Reverse-proxy HTTPS traffic to the frontend container
    reverse_proxy frontend:3000

    # Access log for debugging frontend activity
    log {
        output file /data/app-access.log
    }

    # Compression for faster delivery of JS, HTML, etc.
    encode gzip zstd
}

# ------------------------------------------------------------
# Backend (FastAPI)
# Public URL: https://api.avaaz.ai
# Internal target: backend:8000
# ------------------------------------------------------------
api.avaaz.ai {
    # Reverse-proxy all API traffic to FastAPI
    reverse_proxy backend:8000

    # Access log — useful for monitoring API traffic and debugging issues
    log {
        output file /data/api-access.log
    }

    # Enable response compression (JSON, text, etc.)
    encode gzip zstd
}

# ------------------------------------------------------------
# LiveKit (signaling only — media uses direct UDP)
# Public URL: wss://rtc.avaaz.ai
# Internal target: livekit:7880
# ------------------------------------------------------------
rtc.avaaz.ai {
    # LiveKit uses WebSocket signaling, so we reverse-proxy WS → WS
    reverse_proxy livekit:7880

    # Access log — helps diagnose WebRTC connection failures
    log {
        output file /data/rtc-access.log
    }

    # Compression not needed for WS traffic, but harmless
    encode gzip zstd
}

# ------------------------------------------------------------
# Gitea (Git server UI + HTTPS + SSH clone)
# Public URL: https://git.avaaz.ai
# Internal target: gitea:3000
# ------------------------------------------------------------
git.avaaz.ai {
    # Route all HTTPS traffic to Gitea’s web UI
    reverse_proxy gitea:3000

    # Log all Git UI requests and API access
    log {
        output file /data/git-access.log
    }

    # Compress UI responses
    encode gzip zstd
}