{
	auto_https off
}

http://index.korhonen.lan {
	root * /var/www/index.korhonen.cc
	file_server browse
}

http://home.korhonen.lan {
	reverse_proxy home-assistant:8123
}

http://sso.korhonen.lan, http://sso.korhonen.cc {
	reverse_proxy authentik:9000
}

http://git.korhonen.lan {
	rewrite /user/login /user/oauth2/authentik
	reverse_proxy forgejo:3000
}

http://search.korhonen.lan {
	reverse_proxy searx:8080
}

http://jellyfin.korhonen.lan {
	reverse_proxy jellyfin:8096
}

http://cloud.korhonen.lan {
	# Redirect login page to Authentik
	redir /login /apps/sociallogin/custom_oidc/korhonen-sso 301

	# .htaccess / data / config / ... shouldn't be accessible from outside
	@forbidden {
		path /.htaccess
		path /data/*
		path /config/*
		path /db_structure
		path /.xml
		path /README
		path /3rdparty/*
		path /lib/*
		path /templates/*
		path /occ
		path /console.php
	}
	handle @forbidden {
		respond 404
	}

	redir /.well-known/carddav /remote.php/dav 301
	redir /.well-known/caldav /remote.php/dav 301

	root * /var/www/nextcloud
	php_fastcgi nextcloud:9000 {
		root /var/www/html
		# Tells nextcloud to remove /index.php from URLs in links
		env front_controller_active true
	}
	file_server
}

http://collabora.korhonen.lan {
	reverse_proxy collabora:9980
}