love.hdlife.me {
	# Basic Auth - 用户名和密码从环境变量读取
	# 密码必须是 bcrypt 格式，生成命令：
	# docker run --rm caddy:2-alpine caddy hash-password --plaintext 'your_password'
	basicauth * {
		{$BASIC_AUTH_USER} {$BASIC_AUTH_HASH}
	}

	# 反向代理到 byreal-table 服务
	reverse_proxy byreal-table:3000

	# 日志配置
	log {
		output file /var/log/caddy/access.log {
			roll_size 10MB
			roll_keep 5
		}
	}

	# 安全响应头
	header {
		# 移除 Server 头
		-Server
		# 安全头
		Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
		X-Content-Type-Options "nosniff"
		X-Frame-Options "DENY"
		X-XSS-Protection "1; mode=block"
	}
}