# Global options
{
    auto_https disable_redirects
    email k.radikal@gmail.com
}

# Consolidated wildcard site block
*.klhoud.com, http://*.klhoud.com {
    # Automatic HTTPS via DNS challenge for all subdomains
    tls {
        dns cloudflare {$CLOUDFLARE_API_TOKEN}
    }
    
    # Proxmox
    @proxmox host proxmox.klhoud.com
    handle @proxmox {
        reverse_proxy https://192.168.0.112:8006 {
            # Required for connecting to Proxmox's self-signed/untrusted certificate
            transport http {
                tls_insecure_skip_verify
                versions 1.1
            }
        }
    }
    
    # AdGuard Home
    @adguard host adguard.klhoud.com
    handle @adguard {
        reverse_proxy 192.168.0.170:80
    }
    
    # Dockge
    @dockge host dockge.klhoud.com
    handle @dockge {
        reverse_proxy 192.168.0.12:5001
    }
    
    # Nextcloud
    @cloud host cloud.klhoud.com
    handle @cloud {
        reverse_proxy 192.168.0.12:8080
        # Nextcloud-specific headers
        header Strict-Transport-Security "max-age=31536000;"
        
        # Handle large file uploads
        request_body {
            max_size 10GB
        }
    }

    # Coolify
    @coolify host coolify.klhoud.com
    handle @coolify {	    
	reverse_proxy 192.168.0.47:80
    }

    # IMPORTANT: Fallback Handler
    # This prevents non-matching requests from falling through and failing.
    handle {
        respond "Not Found" 404
    }
}
