{
	# Development: use self-signed certs by default
	# Production: remove this block to enable automatic Let's Encrypt
	local_certs
}

# Nextcloud (HTTPS on port 443)
https://localhost {
	reverse_proxy nextcloud:80 {
		header_up X-Real-IP {remote_host}
		header_up X-Forwarded-For {remote_host}
		header_up X-Forwarded-Proto https
	}
}

# MCP Server (HTTPS on port 3340)
https://localhost:3340 {
	reverse_proxy mcp-server:3339
}
