{
  storage file_system <%= @app_dir %>
}

(header) {
  header {
    Strict-Transport-Security "max-age=31536000;"
    X-Frame-Options "DENY"
    X-Content-Type-Options "nosniff"
  }
}
(default) {
  import header
  log {
    output file <%= @log_dir %>/{args.0}.log {
      roll_size     <%= @logs_roll_size %>
      roll_keep     <%= @logs_roll_keep %>
      roll_keep_for <%= @logs_roll_for %>
    }
    format filter {
      wrap console
      fields {
        request>duration delete
        request>headers delete
        request>size delete
        request>tls delete
        request>remote_port delete
        resp_headers delete
        bytes_read delete
        user_id delete
      }
    }
  }
  vars upstream {args.1}

  reverse_proxy {args.1} {
    header_up Host {args.0}
    header_up X-Real-IP {http.request.remote.host}
    header_up X-Forwarded-For {http.request.remote.host}
    header_up X-Container-IP {args.1}
  }
}

(internal) {
  @internal remote_ip <%= @internal %>
  @external not remote_ip <%= @internal %>
  abort @external
}

<% @hosts.each do |entry| -%> <% domain, upstream, hostname = entry.split(' ') -%><%= domain %> {
  import internal
  import <%= @config_dir %>/*<%= hostname %>.caddy

  tls internal
  import default <%= hostname %> <%= upstream %>
}
<% end -%>

import <%= @config_dir %>/*.local.caddy