{
    auto_https off
    # home-caddy (docker bridge 사설망) 가 TLS 를 종단하고 X-Forwarded-Proto: https
    # 를 전달. trusted_proxies 없으면 Caddy 가 incoming scheme (http) 로 덮어써
    # FastAPI 307 redirect 의 Location 헤더가 http:// 로 나가 mixed-content block.
    servers {
        trusted_proxies static private_ranges
    }
}

http://document.hyungi.net {
    encode gzip

    # API + 문서 → FastAPI
    handle /api/* {
        reverse_proxy fastapi:8000
    }
    handle /docs {
        reverse_proxy fastapi:8000
    }
    handle /openapi.json {
        reverse_proxy fastapi:8000
    }
    handle /health {
        reverse_proxy fastapi:8000
    }
    handle /setup {
        reverse_proxy fastapi:8000
    }

    # 프론트엔드
    handle {
        reverse_proxy frontend:3000
    }
}

# Synology Office 프록시
http://office.hyungi.net {
    reverse_proxy https://ds1525.hyungi.net:5001 {
        header_up Host {upstream_hostport}
        transport http {
            tls_insecure_skip_verify
        }
    }
}
