{
  email admin@hx-ki.com
}

# --- Gateway on COM1 (49.12.97.28) ---
# Everything terminates TLS here, then proxies to WG targets.

caddy.hx-ki.com {
  respond "HXKI Caddy Gateway OK" 200
}

webui.hx-ki.com {
  reverse_proxy 10.10.0.2:8080
}

grafana.hx-ki.com {
  reverse_proxy 10.10.0.3:3000
}

n8n.hx-ki.com {
  reverse_proxy 10.10.0.1:5678
}

syncthing.hx-ki.com {
  reverse_proxy 10.10.0.1:8384
}

# gitea points to another public server (DNS already 91.98.70.222)
gitea.hx-ki.com {
  reverse_proxy 91.98.70.222:3000
}

# DBs should NOT be public
postgres.hx-ki.com {
  respond "Postgres is internal only" 403
}
mariadb.hx-ki.com {
  respond "MariaDB is internal only" 403
}