# The Caddyfile is an easy way to configure your Caddy web server.
#
# Unless the file starts with a global options block, the first
# uncommented line is always the address of your site.
#
# To use your own domain name (with automatic HTTPS), first make
# sure your domain's A/AAAA DNS records are properly pointed to
# this machine's public IP, then replace ":80" below with your
# domain name.


# Refer to the Caddy docs for more information:
# https://caddyserver.com/docs/caddyfile
# PORTAL-ENTRY
portal.int.de {
    tls internal {
        on_demand
    }
    handle_path /static* {
        root * /var/www/libre-workspace-static
        file_server
        encode zstd gzip
    }
    handle_path /media* {
        root * /var/lib/libre-workspace/portal/media
        file_server
        encode zstd gzip
    }
    reverse_proxy localhost:11123
}


cert.int.de {
    tls internal
    root * /var/www/cert/
    file_server browse
}


cloud.int.de {
  tls internal

  @lw_usersettings { 
    path /settings/users 
    path /index.php/settings/users
  }
  handle @lw_usersettings {
    redir https://portal.int.de/idm/user_overview 
  }

  root * /var/www/nextcloud
  file_server

  php_fastcgi unix//var/run/php/php-fpm.sock {
    # This is for removing "index.php" from the URL
    env front_controller_active true
  }

  header {
    Strict-Transport-Security max-age=31536000; # enable HSTS
  }

  redir /.well-known/carddav /remote.php/dav 301
  redir /.well-known/caldav /remote.php/dav 301

  @forbidden {
    path /.htaccess
    path /data/*
    path /config/*
    path /db_structure
    path /.xml
    path /README
    path /3rdparty/*
    path /lib/*
    path /templates/*
    path /occ
    path /console.php
  }

  respond @forbidden 404
}

office.int.de {
  tls internal
  encode gzip
  reverse_proxy https://127.0.0.1:9980 {
    transport http {
      tls_insecure_skip_verify
    }
  }
}



matrix.int.de {
  tls internal
  handle_path /.well-known* {
    header {
      Access-Control-Allow-Origin *
    }
    root * /var/www/matrix/.well-known
    file_server
  }
  reverse_proxy localhost:8008
}


element.int.de {
  tls internal
  reverse_proxy localhost:15124
}


meet.int.de {
    tls internal
    reverse_proxy localhost:30323
}

192.168.153.191 http://localhost {
      tls internal
      handle_path /static* {
          root * /var/www/libre-workspace-static
          file_server
          encode zstd gzip
      } 
      handle {
      rewrite * /welcome/access
      reverse_proxy localhost:11123
      }
  }

  

desktop.int.de {
  tls internal
  redir / /guacamole/ 301
  reverse_proxy localhost:28925
}

