# Updated docs.klas.chat configuration with authentication
# Replace the existing docs.klas.chat block in /etc/caddy/Caddyfile with this:

docs.klas.chat {
	tls /certs/klas.chat/fullchain.cer /certs/klas.chat/klas.chat.key

	# Basic Authentication
	basicauth * {
		langmem $2a$14$.1fx02QwkkmfezhZMLE4Iu2N/ub5vwDSAtcH9lAa5z11ChjiYy1PG
	}

	# Security headers
	header {
		X-Frame-Options "DENY"
		X-Content-Type-Options "nosniff"
		X-XSS-Protection "1; mode=block"
		Referrer-Policy "strict-origin-when-cross-origin"
		Strict-Transport-Security "max-age=31536000; includeSubDomains"
		Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net; img-src 'self' data: https:; font-src 'self' data:;"
	}

	# Static file serving - UPDATED PATH
	root * /home/klas/langmem/docs
	file_server

	# SPA routing fallback for clean URLs
	try_files {path} {path}/ /index.html

	# Enable compression
	encode gzip

	# Cache static assets
	@static {
		path *.css *.js *.png *.jpg *.jpeg *.gif *.svg *.ico *.woff *.woff2
	}

	header @static Cache-Control "public, max-age=31536000, immutable"
}

# Credentials: langmem / langmem2025