# TLS termination for CHANGE_ME — host-specific
# Caddy handles Let's Encrypt automatically via its /data volume.
# Routes traffic through Anubis PoW (default) or directly to Caddy-Proxy.
# Replace every CHANGE_ME with your domain before deploying.

# Domain routed through Anubis PoW challenge
CHANGE_ME {
	reverse_proxy proxy-anubis:8080 {
		header_up X-Real-Ip {http.request.remote.host}
	}
}

# Direct route — no Anubis PoW
direct.CHANGE_ME {
	reverse_proxy proxy-caddy-proxy:3001 {
		header_up X-Real-Ip {http.request.remote.host}
	}
}

# Mail server — direct (no Anubis PoW: JMAP, OAuth, SSE streams need direct API access)
mail.CHANGE_ME {
	reverse_proxy proxy-caddy-proxy:3001 {
		header_up X-Real-Ip {http.request.remote.host}
	}
}

# frps dashboard route — through Anubis PoW
frps.CHANGE_ME {
	reverse_proxy proxy-anubis:8080 {
		header_up X-Real-Ip {http.request.remote.host}
	}
}