{
	# Cache module
	order cache before rewrite
	cache {
		ttl 10m
	}
}

jenkins.lucasroyer.fr {
	# Security
	header {
		X-Frame-Options "SAMEORIGIN"
		X-Content-Type-Options "nosniff"
		X-XSS-Protection "1; mode=block"
	}

	# Large files
	request_body {
		max_size 512MB
	}

	# Compression
	encode zstd gzip

	# Redirect
	reverse_proxy jenkins:8080 {
		flush_interval -1
	}
}

portfolio.lucasroyer.fr {
	# Cache
	cache {
		ttl 24h
		stale 12h
	}

	# Security
	header {
		X-Frame-Options "DENY"
		X-XSS-Protection "1; mode=block"
		X-Content-Type-Options "nosniff"
		Referrer-Policy "strict-origin-when-cross-origin"
		Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
	}

	# Static files
	@static {
		path *.ico *.css *.js *.gif *.jpg *.jpeg *.png *.svg *.woff *.woff2
	}
	header @static Cache-Control "public, max-age=604800, must-revalidate"

	# 4. Logs (pour voir tes stats de visites dans Docker)
	log {
		output file /data/portfolio_access.log
	}

	# Errors
	handle_errors {
		# If error is 502, 503 or 504, show error.html without changing client URL
		@service_out expression {err.status_code} >= 502 && {err.status_code} <= 504

		handle @service_out {
			root * /srv
			rewrite * /error.html
			file_server
		}
	}

	# Compression
	encode zstd gzip

	# Redirect
	reverse_proxy portfolio:80
}
