# Caddyfile.prod — production (HTTPS)

{
  email admin@skymoneybudget.com
}

skymoneybudget.com {
  encode zstd gzip

  # Security headers
  header {
    Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
    X-Content-Type-Options "nosniff"
    Referrer-Policy "strict-origin-when-cross-origin"
  }

  # Serve static SPA
  root * /var/www/skymoney/dist
  file_server

  # SPA fallback
  try_files {path} /index.html

  # Proxy API
  handle_path /api/* {
    reverse_proxy 127.0.0.1:8081
  }
}