# Caddy reverse proxy configuration for Xtablo production.
#
# Caddy automatically:
#   - Provisions a TLS certificate via Let's Encrypt (ACME) when a domain name is provided.
#   - Redirects HTTP (port 80) to HTTPS (port 443).
#   - Renews the certificate before it expires.
#
# Required environment variable:
#   DOMAIN — set this to your production domain in .env.prod (e.g. app.yourdomain.com).
#   Caddy reads {$DOMAIN} from the environment at startup.
#
# Let's Encrypt staging note (RESEARCH Pitfall 4):
#   Let's Encrypt enforces rate limits (5 duplicate certificates per week per domain).
#   For initial setup and testing, add a global block to use the staging endpoint:
#
#     {
#       acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
#     }
#
#   Remove the global block (or comment it out) before going live to switch to
#   production certificates. The caddy_data volume must be cleared between staging
#   and production to avoid certificate cache conflicts.

{$DOMAIN} {
    reverse_proxy web:8080
}