# By Ki-Hong Min
# LB Redir Test
#(cors) {
#  @cors_preflight method OPTIONS
#  @cors header Origin {args.0}

#  handle @cors_preflight {
#    header Access-Control-Allow-Origin "{args.0}"
#    header Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE"
#    header Access-Control-Allow-Headers "Content-Type"
#    header Access-Control-Max-Age "3600"
#    header defer
#    respond "" 204
#  }

#  handle @cors {
#    header Access-Control-Allow-Origin "{args.0}"
#    header Access-Control-Expose-Headers *
#    header defer
#  }
#}

#(cors) {
#        @cors_preflight{args.0} method OPTIONS
#        @cors{args.0} header Origin {args.0}#

#        handle @cors_preflight{args.0} {
#                header {
#                        Access-Control-Allow-Credentials "{args.0}"
#                        Access-Control-Allow-Origin "{args.0}"
#                        Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE, OPTIONS"
#                        Access-Control-Allow-Headers *
#                        Access-Control-Max-Age "3600"
#                        defer   #turn on defer on your header directive to make sure the new header values are set after proxying
#                }
#                respond "" 204
#        }

#        handle @cors{args.0} {
#                header {
#                        Access-Control-Allow-Credentials "{args.0}"
#                        Access-Control-Allow-Origin "{args.0}"
#                        Access-Control-Expose-Headers *
                       
#                        defer
#                }
#        }
#}

(headers) {
  header {
    Access-Control-Allow-Credentials true
    Access-Control-Allow-Origin *
    Access-Control-Allow-Headers *
    Access-Control-Allow-Methods *
    Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
    X-Content-Type-Options nosniff
    Content-Security-Policy upgrade-insecure-requests
    Referrer-Policy no-referrer-when-downgrade
    Cache-Control "public, max-age=3600, must-revalidate"
    Feature-Policy "geolocation 'none'; camera 'none'; microphone 'none'"
    defer
    }
}
###################################################################
#  Middleware                                                   ###
###################################################################


(authenticate) {
    reverse_proxy /outpost.goauthentik.io/* 0.0.0.0:21304

    forward_auth 0.0.0.0:21304 {
        uri /outpost.goauthentik.io/auth/caddy
        copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version
        trusted_proxies private_ranges
    }
}

######################################
# 140 Management Network


ul.1.goodg.org {
    reverse_proxy 0.0.0.0:21301
}

dl.1.goodg.org {
    reverse_proxy 0.0.0.0:21302
}