# Caddyfile — Witryna with auto-managed site configs
#
# Site configs are generated by the caddy-deploy.sh hook script
# and imported from /etc/caddy/sites.d/. See examples/hooks/caddy-deploy.sh.
#
# Caddy obtains and renews TLS certificates automatically via ACME.
# See https://caddyserver.com/docs/ for full documentation.

# Import auto-managed site configs
import /etc/caddy/sites.d/*.caddy

# Webhook endpoint — reverse proxy to Witryna
witryna.example.com {
	reverse_proxy 127.0.0.1:8080

	# Restrict access to POST requests only
	@not_post not method POST
	respond @not_post 405

	# Security headers
	header {
		X-Content-Type-Options "nosniff"
		-Server
	}
}