{
	admin off
}

:{$PORT:80} {
	root * /srv

	# Gzip compression
	encode gzip

	# Security headers
	header {
		X-Frame-Options "SAMEORIGIN"
		X-Content-Type-Options "nosniff"
		X-XSS-Protection "1; mode=block"
	}

	# CORS for *.rivet.dev subdomains to fetch changelog.json
	@cors_preflight {
		path /changelog.json
		method OPTIONS
		header_regexp Origin ^https://.*\.rivet\.dev$
	}
	handle @cors_preflight {
		header Access-Control-Allow-Origin {header.Origin}
		header Access-Control-Allow-Methods "GET, OPTIONS"
		header Access-Control-Allow-Headers "Content-Type"
		respond 204
	}
	@cors_json {
		path /changelog.json
		header_regexp Origin ^https://.*\.rivet\.dev$
	}
	header @cors_json Access-Control-Allow-Origin {header.Origin}

	# Cache static assets aggressively (Astro outputs to _astro/)
	@static {
		path /_astro/* *.js *.css *.png *.jpg *.jpeg *.gif *.ico *.svg *.woff *.woff2 *.ttf *.eot
	}
	header @static Cache-Control "public, max-age=31536000, immutable"

	# Don't cache HTML files
	@html {
		path *.html
	}
	header @html Cache-Control "no-store, no-cache, must-revalidate"

	# Health check endpoint
	handle /health {
		respond "healthy" 200
	}

	# Main site handler - Astro static export with directory index
	handle {
		try_files {path} {path}/ {path}/index.html
		file_server
	}

	# Custom 404 page
	handle_errors {
		rewrite * /404.html
		file_server
	}
}
