(auth) {
	basicauth {
		admin $2a$14$DahHUWD2cKyXJ96sH5VQwuQv1bqmIn0gsdoSaw4mofzfdNY2Y0VsO
	}
}

(common) {
	encode gzip zstd
	header {
		Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
		X-Content-Type-Options "nosniff"
		X-Frame-Options "DENY"
		X-XSS-Protection "1; mode=block"
		Referrer-Policy "strict-origin-when-cross-origin"
		Permissions-Policy "geolocation=(), microphone=(), camera=(), payment=()"
		Cross-Origin-Opener-Policy "same-origin"
		Cross-Origin-Resource-Policy "same-origin"
		Cross-Origin-Embedder-Policy "require-corp"
	}
}

{
	# Global DNS provider for ACME DNS challenge
	acme_dns bunny {env.BUNNY_API_KEY}
	
	# Dynamic DNS configuration
	dynamic_dns {
		provider bunny {env.BUNNY_API_KEY}
		domains {
			gynther.se @ www prowlarr radarr sonarr jellyfin qbittorrent wetty gitea import recept test nzbget
		}
		check_interval 5m
		ttl 300s
		versions ipv4
	}
}

test.gynther.se {
	import common
	reverse_proxy recipe-flutter:5000
}

nzbget.gynther.se {
	import common
	reverse_proxy http://192.168.50.4:6789
}

prowlarr.gynther.se {
	import common
	reverse_proxy http://prowlarr:9696
}

radarr.gynther.se {
	import common
	reverse_proxy http://radarr:7878
}

sonarr.gynther.se {
	import common
	reverse_proxy http://sonarr:8989
}

jellyfin.gynther.se {
	reverse_proxy http://jellyfin:8096
}

qbittorrent.gynther.se {
	import common
	reverse_proxy 192.168.50.4:8080
}

wetty.gynther.se {
	import auth
	import common
	redir / /wetty
	reverse_proxy wetty:3001
}

gitea.gynther.se {
	import common
	reverse_proxy 192.168.50.2:3002
}

# ============================================
# Import Service (Document Converter) - Standalone UI
# ============================================
import.gynther.se {
	import common
	reverse_proxy recipe-import-service:3000
}

# ============================================
# RECIPE APP + IMPORT SERVICE
# ============================================
recept.gynther.se {
	import common

	# === IMPORT SERVICE (Document Converter) ===
	# Dessa endpoints måste komma FÖRST innan backend reglerna!
	handle /api/recipes/import* {
		reverse_proxy recipe-import-service:3000
	}

	# === RECIPE FRONTEND PROXY ENDPOINTS ===
	# Next.js API routes
	handle /api/inventory-history-proxy {
		reverse_proxy recipe-frontend:3000
	}

	handle /api/admin/merge-preview-proxy {
		reverse_proxy recipe-frontend:3000
	}

	handle /api/recipe-preview-proxy {
		reverse_proxy recipe-frontend:3000
	}

	# === RECIPE BACKEND API ENDPOINTS ===
	# Backend körs på port 8080 (från docker-compose)
	handle /api/products* {
		reverse_proxy recipe-api:8080
	}

	handle /api/inventory* {
		reverse_proxy recipe-api:8080
	}

	handle /api/recipes* {
		reverse_proxy recipe-api:8080
	}

	# === HEALTH CHECKS ===
	handle /health {
		reverse_proxy recipe-api:8080
	}

	# === CATCH ALL ===
	# Övriga /api/* går till frontend
	handle /api/* {
		reverse_proxy recipe-frontend:3000
	}

	# Frontend - catch all remaining routes (port 3000)
	reverse_proxy /* recipe-frontend:3000}