{{ sigvild_gallery_frontend_domain }} {
    root * {{ sigvild_gallery_web_root }}
    file_server

    # SPA routing - serve index.html for all routes
    try_files {path} /index.html

    # Security headers
    header {
        X-Frame-Options DENY
        X-Content-Type-Options nosniff
        X-XSS-Protection "1; mode=block"
        Referrer-Policy strict-origin-when-cross-origin
        Permissions-Policy "geolocation=(), microphone=(), camera=()"
    }

    # Cache static assets aggressively
    @static {
        path /_app/* /assets/* /icons/* *.ico *.png *.jpg *.jpeg *.svg *.webp *.woff *.woff2
    }
    header @static {
        Cache-Control "public, max-age=31536000, immutable"
        Vary "Accept-Encoding"
    }

    # Cache HTML with shorter duration
    @html {
        path *.html /
    }
    header @html {
        Cache-Control "public, max-age=3600, must-revalidate"
    }

    # Enable compression
    encode gzip

    # Logging for debugging (can be removed in production)
    log {
        output file /var/log/caddy/sigvild-frontend.log
        level INFO
    }
}