# jnss-web Static Site Configuration
# Generated by Ansible - DO NOT EDIT MANUALLY

# WWW Redirect - apex is primary
www.{{ jnss_web_domain }} {
    redir https://{{ jnss_web_domain }}{uri} permanent
}

# Primary Domain
{{ jnss_web_domain }} {
    root * {{ jnss_web_root }}
    file_server

    # SPA routing - serve index.html for all routes
    try_files {path} /index.html

    # Security headers
    header {
        X-Frame-Options SAMEORIGIN
        X-Content-Type-Options nosniff
        X-XSS-Protection "1; mode=block"
        Referrer-Policy strict-origin-when-cross-origin
        Permissions-Policy "geolocation=(), microphone=(), camera=()"
    }

    # Cache static assets aggressively
    @static {
        path /_app/* /assets/* /icons/* *.ico *.png *.jpg *.jpeg *.svg *.webp *.woff *.woff2 *.css *.js
    }
    header @static {
        Cache-Control "public, max-age=31536000, immutable"
        Vary "Accept-Encoding"
    }

    # Cache HTML with shorter duration
    @html {
        path *.html /
    }
    header @html {
        Cache-Control "public, max-age=3600, must-revalidate"
    }

    # Enable compression
    encode gzip

    # Logging
    log {
        output file /var/log/caddy/jnss-web.log {
            roll_size 100mb
            roll_keep 5
        }
        format json {
            time_format "2006-01-02T15:04:05.000Z07:00"
        }
        level INFO
    }
}