{
    auto_https disable_redirects

    storage file_system {
        root /mnt/data/caddy
    }

    servers {
        # trusted_proxies placeholder
    }

    log {
        level ERROR
    }
}

https://{$ADDITIONAL_TRUSTED_DOMAIN}:443,
{$PROTOCOL}://{$NC_DOMAIN}:{$APACHE_PORT} {
    header -Server
    header -X-Powered-By

    # Collabora
    route /browser/* {
        reverse_proxy {$COLLABORA_HOST}:9980
    }
    route /hosting/* {
        reverse_proxy {$COLLABORA_HOST}:9980
    }
    route /cool/* {
        reverse_proxy {$COLLABORA_HOST}:9980
    }

    # Notify Push
    route /push/* {
        uri strip_prefix /push
        reverse_proxy {$NOTIFY_PUSH_HOST}:7867
    }

    # Onlyoffice
    route /onlyoffice/* {
        uri strip_prefix /onlyoffice
        reverse_proxy {$ONLYOFFICE_HOST}:80 {
            header_up X-Forwarded-Host {http.request.host}/onlyoffice
            header_up X-Forwarded-Proto https
        }
    }

    # Talk
    route /standalone-signaling/* {
        uri strip_prefix /standalone-signaling
        reverse_proxy {$TALK_HOST}:8081
    }

    # Others
    import /mnt/data/caddy-imports/*

    # Nextcloud
    route {
        rewrite /.well-known/carddav /remote.php/dav
        rewrite /.well-known/caldav /remote.php/dav
        header Strict-Transport-Security max-age=31536000;
        reverse_proxy localhost:8000
    }

    # TLS options
    tls {
        issuer acme {
            disable_http_challenge
        }
    }
}
