# Example Caddy reverse proxy config for kitty-web
#
# Prerequisites:
# - Caddy v2 with HTTPS
# - OAuth2 Proxy, Authentik, or Authelia for authentication (recommended)
# - ttyd running on TTYD_HOST:7681
# - notify server running on TTYD_HOST:7682
#
# Replace TTYD_HOST with the IP/hostname of the machine running kitty-web.
# Replace the auth snippet with your own authentication setup.

# --- Authentication snippet (pick one) ---

# Option A: OAuth2 Proxy (Google Auth)
# (google_auth) {
#     forward_auth OAUTH2_PROXY_HOST:4180 {
#         uri /oauth2/auth
#         header_up Host auth.example.com
#         copy_headers X-Auth-Request-User X-Auth-Request-Email
#         handle_response @unauthorized {
#             redir https://auth.example.com/oauth2/start?rd={scheme}://{host}{uri}
#         }
#         @unauthorized status 401
#     }
# }

# Option B: Authentik
# (authentik) {
#     forward_auth AUTHENTIK_HOST:9000 {
#         uri /outpost.goauthentik.io/auth/caddy
#         copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email
#     }
# }

# --- Site block ---

# terminal.example.com {
#     import google_auth
#
#     # Undo any cached permanent redirects from old configs
#     @oldttyd path /ttyd /ttyd/
#     redir @oldttyd / temporary
#
#     # Static assets (toolbar, PWA manifest, icons)
#     handle /toolbar.js {
#         root * /opt/kitty-web/static
#         file_server
#     }
#     handle /manifest.json {
#         root * /opt/kitty-web/static
#         file_server
#     }
#     handle /icon-*.png {
#         root * /opt/kitty-web/static
#         file_server
#     }
#
#     # Notification API
#     handle /api/* {
#         uri strip_prefix /api
#         reverse_proxy TTYD_HOST:7682
#     }
#
#     # Terminal (catch-all)
#     handle {
#         reverse_proxy TTYD_HOST:7681
#     }
# }