# Example Caddy Reverse Proxy Configuration
# This is an OPTIONAL configuration if you want to use Caddy as your reverse proxy
# The application runs on HTTP and does not require Caddy - you can use any reverse proxy
#
# Caddy is recommended for its simplicity and automatic HTTPS with Let's Encrypt

# Step 1: Install Caddy
# Ubuntu/Debian:
# sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
# curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
# curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
# sudo apt update
# sudo apt install caddy

# Step 2: Create/edit /etc/caddy/Caddyfile with the content below
# Replace 'yourdomain.com' with your actual domain
# Replace '8000' with your application port if different

# ========== Caddyfile Content ==========

yourdomain.com {
    # Caddy automatically handles HTTPS with Let's Encrypt!

    # Reverse proxy to your application
    reverse_proxy localhost:8000

    # Optional: Add security headers
    header {
        # Enable HSTS
        Strict-Transport-Security "max-age=31536000; includeSubDomains"

        # Prevent clickjacking
        X-Frame-Options "SAMEORIGIN"

        # Prevent MIME type sniffing
        X-Content-Type-Options "nosniff"

        # Enable XSS protection
        X-XSS-Protection "1; mode=block"
    }

    # Optional: Custom logging
    log {
        output file /var/log/caddy/faction-war.log
    }
}

# ========== End Caddyfile Content ==========

# Step 3: Validate configuration
# sudo caddy validate --config /etc/caddy/Caddyfile

# Step 4: Reload Caddy
# sudo systemctl reload caddy

# Step 5: Configure firewall
# sudo ufw allow 80/tcp
# sudo ufw allow 443/tcp

# That's it! Caddy will automatically:
# - Get SSL certificate from Let's Encrypt
# - Renew certificates automatically
# - Redirect HTTP to HTTPS
# - Handle all SSL/TLS configuration

# Your application will now be accessible at https://yourdomain.com

# Useful Caddy commands:
# sudo systemctl status caddy     # Check status
# sudo systemctl restart caddy    # Restart Caddy
# sudo journalctl -u caddy -f     # View logs
# caddy version                   # Check Caddy version