# Enhanced Caddyfile with Live Streaming Support
# Caddy handles HTTP/HTTPS while SRS handles RTMP

{
    # Global options
    admin off
    auto_https on
}

# Main domain
{$DOMAIN:localhost} {
    # Root directory
    root * /var/www/html
    
    # PHP handling
    php_fastcgi php:9000
    
    # File server for static assets
    file_server
    
    # Live streaming HLS proxy to SRS
    handle /live/hls/* {
        reverse_proxy srs:8080 {
            header_up Host {upstream_hostport}
            header_up X-Real-IP {remote_host}
            header_up X-Forwarded-For {remote_host}
            header_up X-Forwarded-Proto {scheme}
        }
    }
    
    # Live streaming HTTP-FLV proxy to SRS
    handle /live/flv/* {
        reverse_proxy srs:8080 {
            header_up Host {upstream_hostport}
            header_up X-Real-IP {remote_host}
            header_up X-Forwarded-For {remote_host}
            header_up X-Forwarded-Proto {scheme}
        }
    }
    
    # SRS API proxy
    handle /api/srs/* {
        reverse_proxy srs:1985 {
            header_up Host {upstream_hostport}
            header_up X-Real-IP {remote_host}
            header_up X-Forwarded-For {remote_host}
            header_up X-Forwarded-Proto {scheme}
        }
    }
    
    # WebSocket support for real-time features
    @websockets {
        header Connection *Upgrade*
        header Upgrade websocket
    }
    handle @websockets {
        reverse_proxy php:9000
    }
    
    # Security headers
    header {
        # Security headers
        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
        X-Content-Type-Options "nosniff"
        X-Frame-Options "SAMEORIGIN"
        X-XSS-Protection "1; mode=block"
        Referrer-Policy "strict-origin-when-cross-origin"
        
        # CORS for streaming
        Access-Control-Allow-Origin "*"
        Access-Control-Allow-Methods "GET, POST, OPTIONS"
        Access-Control-Allow-Headers "Content-Type, Authorization"
    }
    
    # Gzip compression
    encode gzip
    
    # Cache static assets
    @static {
        file
        path *.css *.js *.png *.jpg *.jpeg *.gif *.ico *.svg *.woff *.woff2 *.ttf *.eot
    }
    handle @static {
        header Cache-Control "public, max-age=31536000"
        file_server
    }
    
    # Cache video segments
    @segments {
        path *.ts *.m3u8
    }
    handle @segments {
        header Cache-Control "public, max-age=10"
        file_server
    }
    
    # Handle API routes
    handle /api/* {
        php_fastcgi php:9000
    }
    
    # Handle uploads
    handle /upload* {
        request_body {
            max_size 2GB
        }
        php_fastcgi php:9000
    }
    
    # Logging
    log {
        output file /var/log/caddy/access.log
        format json
    }
    
    # Error handling
    handle_errors {
        @404 {
            expression {http.error.status_code} == 404
        }
        handle @404 {
            rewrite * /404.php
            php_fastcgi php:9000
        }
        
        @500 {
            expression {http.error.status_code} >= 500
        }
        handle @500 {
            rewrite * /500.php
            php_fastcgi php:9000
        }
    }
}

# Admin subdomain (optional)
admin.{$DOMAIN:localhost} {
    root * /var/www/html
    php_fastcgi php:9000
    
    # Restrict to admin only
    basicauth {
        admin $2a$14$hNf2lJ8x.O3jQd8hdZWCOeB7oB8QrNn7fJ5F5F5F5F5F5F5F5F5F5
    }
    
    # Admin-specific routes
    handle /admin/* {
        php_fastcgi php:9000
    }
}

# Streaming subdomain (optional)
stream.{$DOMAIN:localhost} {
    # Redirect all streaming traffic to main domain
    redir https://{$DOMAIN:localhost}/live{uri} permanent
}