# server/Caddyfile
# Production: replace ":443" with your domain, e.g. "argos.yourdomain.com"
# Caddy will auto-obtain a Let's Encrypt cert for a real domain.

:443 {
    reverse_proxy argos-server:9090

    header {
        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
        X-Content-Type-Options "nosniff"
        X-Frame-Options "DENY"
        Referrer-Policy "no-referrer"
    }

    log {
        output stdout
        format json
    }
}
