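# Caddy site block for the Sigvild Gallery API.
# This is a template: the {{ ... }} values are substituted at render time,
# while single-brace tokens such as {remote_host} are Caddy placeholders.
{{ sigvild_gallery_api_domain }} {
    reverse_proxy {{ sigvild_gallery_host }}:{{ sigvild_gallery_port }} {
        header_up Host {upstream_hostport}
        # Set from the peer address of the connection, replacing any
        # X-Real-IP value the client sent itself.
        # NOTE(review): if another proxy or CDN sits in front of Caddy this
        # is that hop's address, not the end user's - confirm the topology.
        header_up X-Real-IP {remote_host}
        header_up X-Forwarded-Proto https

        # Health check
        health_uri /api/health
        health_timeout 5s
        health_interval 30s
    }

    # CORS headers for frontend domain
    # Only requests whose Origin header equals the frontend origin match, so
    # no other origin ever receives the Access-Control-* headers below.
    @cors {
        header Origin https://{{ sigvild_gallery_frontend_domain }}
    }
    # Credentials are allowed, which is why the allowed origin is one fixed
    # value and never a wildcard or an echo of the request's Origin.
    # NOTE(review): if the upstream also emits CORS headers, confirm the
    # browser does not end up with duplicated or conflicting values.
    header @cors {
        Access-Control-Allow-Origin "https://{{ sigvild_gallery_frontend_domain }}"
        Access-Control-Allow-Methods "GET, POST, PUT, DELETE, PATCH, OPTIONS"
        Access-Control-Allow-Headers "Content-Type, Authorization, X-Requested-With"
        Access-Control-Allow-Credentials true
        Access-Control-Max-Age 86400
        # The response differs depending on Origin, so caches must key on it;
        # "+" appends to any existing Vary value instead of replacing it.
        +Vary Origin
    }

    # Handle preflight requests
    # Every OPTIONS request is answered here and never reaches the backend.
    # One from a non-matching origin gets the 204 without CORS headers, so
    # the browser still refuses the cross-origin call.
    @preflight {
        method OPTIONS
    }
    respond @preflight 204

    # Security headers for API
    header {
        X-Frame-Options DENY
        X-Content-Type-Options nosniff
        # Legacy header: current browsers have removed the XSS auditor, so
        # this only affects older clients.
        X-XSS-Protection "1; mode=block"
        Referrer-Policy strict-origin-when-cross-origin
    }

    # API logging
    # NOTE(review): access logs hold client addresses and request URIs -
    # confirm file permissions and retention for this path.
    log {
        output file /var/log/caddy/sigvild-api.log
        level INFO
        format json
    }
}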