# ==============================================
# LLMHosts -- Caddy reverse proxy configuration
# ==============================================
# Usage:
#   1. Replace "llmhost.example.com" with your actual domain.
#   2. Point your domain's DNS A record to this server's IP.
#   3. Caddy obtains TLS certificates from Let's Encrypt automatically.
#
# For Docker:
#   Copy this file to the project root as "Caddyfile" and start
#   docker-compose.prod.yml. Caddy reads it from the volume mount.
#
# For bare metal:
#   sudo cp contrib/Caddyfile /etc/caddy/Caddyfile
#   sudo systemctl reload caddy

llmhost.example.com {
	reverse_proxy localhost:4000 {
		# Pass client IP to LLMHosts for rate limiting
		header_up X-Real-IP {remote_host}
		header_up X-Forwarded-For {remote_host}
		header_up X-Forwarded-Proto {scheme}
	}

	# Streaming support for chat completions (SSE) and WebSocket dashboard
	# Caddy handles this correctly by default -- no special buffering config needed.

	# Security headers
	header {
		X-Content-Type-Options "nosniff"
		X-Frame-Options "DENY"
		Referrer-Policy "strict-origin-when-cross-origin"
		-Server
	}

	# Logging
	log {
		output file /var/log/caddy/llmhost-access.log {
			roll_size 100MiB
			roll_keep 5
		}
	}
}
