# Shared internal routing — host-agnostic
# Requests arrive from proxy-anubis (PoW-gated) or proxy-caddy-tls (direct)
# Replace every CHANGE_ME with your domain before deploying.

:3001 {
	# Default test route
	respond "Hello from CHANGE_ME" 200
}

http://frps.CHANGE_ME:3001 {
	reverse_proxy proxy-frps:7500
}

http://mail.CHANGE_ME:3001 {
	# JMAP API → Stalwart
	handle /.well-known/jmap {
		reverse_proxy mail-stalwart:8080 {
			header_down Access-Control-Allow-Origin "https://mail.CHANGE_ME"
			header_down +Access-Control-Allow-Credentials "true"
		}
	}
	handle /jmap/* {
		reverse_proxy mail-stalwart:8080 {
			header_down Access-Control-Allow-Origin "https://mail.CHANGE_ME"
			header_down +Access-Control-Allow-Credentials "true"
		}
	}

	# Everything else → Bulwark webmail
	handle {
		reverse_proxy mail-bulwark:3000
	}
}