# Append to your existing Caddyfile (or include via `import`).
# DNS A/AAAA records for both subdomains must point to this server first
# (a wildcard *.linumiq.com record is sufficient).
#
# Caddy runs in Docker on the `caddy_net` network and reaches each app by
# container name (the apps do not publish host ports).

# DEV — installed on linumiq-dev.myshopify.com
invoice-app-dev.linumiq.com {
	encode zstd gzip
	# Security response headers. NOTE: deliberately no X-Frame-Options here —
	# this is an embedded Shopify app, and framing is governed by the
	# Content-Security-Policy `frame-ancestors` directive that the Shopify
	# library injects via addDocumentResponseHeaders (see app/entry.server.tsx).
	header {
		Strict-Transport-Security "max-age=31536000; includeSubDomains"
		X-Content-Type-Options nosniff
		Referrer-Policy strict-origin-when-cross-origin
	}
	reverse_proxy linumiq-invoice-dev:3000
}

# PROD — installed on shop.linumiq.com (5aiizq-ti.myshopify.com)
invoice-app.linumiq.com {
	encode zstd gzip
	reverse_proxy linumiq-invoice-prod:3000
}