proxmox11.yiem.cc {
  reverse_proxy 192.168.88.11:8006 {
    transport http {
      tls_insecure_skip_verify
    }
  }
}

proxmox12.yiem.cc {
  reverse_proxy 192.168.88.12:8006 {
    transport http {
      tls_insecure_skip_verify
    }
  }
}

proxmox13.yiem.cc {
  reverse_proxy 192.168.88.13:8006 {
    transport http {
      tls_insecure_skip_verify
    }
  }
}

proxmox14.yiem.cc {
  reverse_proxy 192.168.88.14:8006 {
    transport http {
      tls_insecure_skip_verify
    }
  }
}

proxmox20.yiem.cc {
  reverse_proxy 192.168.88.20:8006 {
    transport http {
      tls_insecure_skip_verify
    }
  }
}

proxmox21.yiem.cc {
  reverse_proxy 192.168.88.21:8006 {
    transport http {
      tls_insecure_skip_verify
    }
  }
}

git.yiem.cc {
  reverse_proxy 192.168.88.110:3000
}

drone.yiem.cc {
  reverse_proxy 192.168.88.110:80
}

registry.yiem.cc {
  route {
    basic_auth {
      cicd $2a$14$JPVuqNDC/Hss3cNMORiN7ubIG19wd2BEQTKuzQKet33uLVSMlsw0q
    }
    reverse_proxy 192.168.88.110:5000
  }
}

argocd.yiem.cc {
  reverse_proxy 192.168.88.200:80
}


mqtt.yiem.cc:8083/mqtt { 
  reverse_proxy localhost:9083
}

mqtt.yiem.cc:8084 {
  reverse_proxy localhost:9084
}

llmembedding.yiem.cc {
  reverse_proxy 192.168.88.50:11434
}

llmvectordb.yiem.cc {
  reverse_proxy 192.168.88.50:6333
}

llmcoder.yiem.cc {
  reverse_proxy 192.168.88.50:8080
}

llmvl.yiem.cc {
  reverse_proxy 192.168.88.51:8080
}

nats.yiem.cc {
  reverse_proxy localhost:9222 {
  header_up Host {http.request.host}
  header_up X-Forwarded-For {http.request.remote}
  header_up X-Forwarded-Proto {http.request.scheme}
  }
}

yiem.cc, www.yiem.cc {
  reverse_proxy 192.168.88.109:10001
}

erp.yiem.cc {
  reverse_proxy 192.168.88.107:8080
}

api.yiem.cc {
  reverse_proxy 192.168.88.102:11434
}

books.yiem.cc {
  reverse_proxy 192.168.88.105:5000
}

media.yiem.cc {
  reverse_proxy 192.168.88.105:8096
}

https://office.yiem.cc:443 {
  reverse_proxy 192.168.88.101:11000
}

https://officeproject.yiem.cc {
  reverse_proxy 192.168.88.101:10003
}

tech.yiem.cc {
  reverse_proxy 192.168.88.109:11001
}

smartfarm.yiem.cc {
  reverse_proxy 192.168.88.109:11050
}

testsite1.yiem.cc {
  reverse_proxy 192.168.88.109:11111
}

wine.yiem.cc {
  reverse_proxy /hq/agent/sommelier/frontend/user* 192.168.88.109:10208
  reverse_proxy /hq/agent/sommelier/frontend/dbadmin* 192.168.88.109:10209
  reverse_proxy /hq/agent/sommelier/frontend/retaileradmin* 192.168.88.109:10207
  reverse_proxy 192.168.88.109:13001
}

blossom.yiem.cc {
  reverse_proxy 192.168.88.109:14001
}

play.yiem.cc {
  reverse_proxy 192.168.88.105:12000
}  

app1.yiem.cc {
  # Preserve common upstream headers for all proxied requests
  @all {
    path_regexp all ^/.*$
  }

  # -------------------------
  # service-a QA: canonicalize and proxy
  # -------------------------

  # Redirect exact no-trailing-slash QA path to canonical trailing-slash
  @a_qaNoSlash path /service-a-qa
  redir @a_qaNoSlash https://app1.yiem.cc/service-a-qa/ 301

  # Match any QA path (covers /service-a-qa, /service-a-qa/, and subpaths)
  @a_qa path_regexp qa ^/service-a-qa(/.*|$)

  # Proxy QA traffic to ingress LB and inject X-Forwarded-Prefix
  reverse_proxy @a_qa 192.168.88.200:80 {
    header_up X-Forwarded-Prefix /service-a-qa
    header_up Host {http.request.host}
    header_up X-Real-IP {http.request.remote}
    # Optional: tune timeouts or health checks here if needed
  }

  # -----------------------------
  # service-a Production: canonicalize and proxy
  # -----------------------------

  # Redirect exact no-trailing-slash prod path to canonical trailing-slash
  @a_prodNoSlash path /service-a
  redir @a_prodNoSlash https://app1.yiem.cc/service-a/ 301

  # Match any production path (covers /service-a, /service-a/, and subpaths)
  @a_prod path_regexp prod ^/service-a(/.*|$)

  # Proxy production traffic to ingress LB; X-Forwarded-Prefix not required if ingress rewrites
  reverse_proxy @a_prod 192.168.88.200:80 {
    header_up Host {http.request.host}
    header_up X-Real-IP {http.request.remote}
  }

  # -------------------------
  # service-b QA: canonicalize and proxy
  # -------------------------

  # Redirect exact no-trailing-slash QA path to canonical trailing-slash
  @b_qaNoSlash path /service-b-qa
  redir @b_qaNoSlash https://app1.yiem.cc/service-b-qa/ 301

  # Match any QA path (covers /service-b-qa, /service-b-qa/, and subpaths)
  @b_qa path_regexp qa ^/service-b-qa(/.*|$)

  # Proxy QA traffic to ingress LB
  reverse_proxy @b_qa 192.168.88.200:80 {
    header_up Host {http.request.host}
    header_up X-Real-IP {http.request.remote}
    # Optional: tune timeouts or health checks here if needed
  }

  # -----------------------------
  # service-b Production: canonicalize and proxy
  # -----------------------------

  # Redirect exact no-trailing-slash prod path to canonical trailing-slash
  @b_prodNoSlash path /service-b
  redir @b_prodNoSlash https://app1.yiem.cc/service-b/ 301

  # Match any production path (covers /service-b, /service-b/, and subpaths)
  @b_prod path_regexp prod ^/service-b(/.*|$)

  # Proxy production traffic to ingress LB; X-Forwarded-Prefix not required if ingress rewrites
  reverse_proxy @b_prod 192.168.88.200:80 {
    header_up Host {http.request.host}
    header_up X-Real-IP {http.request.remote}
  }

  # -------------------------
  # Fallback: forward other requests to the ingress
  # -------------------------
  reverse_proxy 192.168.88.200:80 {
    header_up Host {http.request.host}
    header_up X-Real-IP {http.request.remote}
  }
}

# =============================
# app2.yiem.cc: Reverse Proxy Configuration
# =============================
app2.yiem.cc {
  # Preserve common upstream headers for all proxied requests
  @all {
    path_regexp all ^/.*$
  }

  # -------------------------
  # service-a QA: canonicalize and proxy
  # -------------------------

  # Redirect exact no-trailing-slash QA path to canonical trailing-slash
  @a_qaNoSlash path /service-a-qa
  redir @a_qaNoSlash https://app2.yiem.cc/service-a-qa/ 301

  # Match any QA path (covers /service-a-qa, /service-a-qa/, and subpaths)
  @a_qa path_regexp qa ^/service-a-qa(/.*|$)

  # Proxy QA traffic to ingress LB and inject X-Forwarded-Prefix
  reverse_proxy @a_qa 192.168.88.200:80 {
    header_up X-Forwarded-Prefix /service-a-qa
    header_up Host {http.request.host}
    header_up X-Real-IP {http.request.remote}
    # Optional: tune timeouts or health checks here if needed
  }

  # -----------------------------
  # service-a Production: canonicalize and proxy
  # -----------------------------

  # Redirect exact no-trailing-slash prod path to canonical trailing-slash
  @a_prodNoSlash path /service-a
  redir @a_prodNoSlash https://app2.yiem.cc/service-a/ 301

  # Match any production path (covers /service-a, /service-a/, and subpaths)
  @a_prod path_regexp prod ^/service-a(/.*|$)

  # Proxy production traffic to ingress LB; X-Forwarded-Prefix not required if ingress rewrites
  reverse_proxy @a_prod 192.168.88.200:80 {
    header_up Host {http.request.host}
    header_up X-Real-IP {http.request.remote}
  }

  # -------------------------
  # service-b QA: canonicalize and proxy
  # -------------------------

  # Redirect exact no-trailing-slash QA path to canonical trailing-slash
  @b_qaNoSlash path /service-b-qa
  redir @b_qaNoSlash https://app2.yiem.cc/service-b-qa/ 301

  # Match any QA path (covers /service-b-qa, /service-b-qa/, and subpaths)
  @b_qa path_regexp qa ^/service-b-qa(/.*|$)

  # Proxy QA traffic to ingress LB
  reverse_proxy @b_qa 192.168.88.200:80 {
    header_up Host {http.request.host}
    header_up X-Real-IP {http.request.remote}
    # Optional: tune timeouts or health checks here if needed
  }

  # -----------------------------
  # service-b Production: canonicalize and proxy
  # -----------------------------

  # Redirect exact no-trailing-slash prod path to canonical trailing-slash
  @b_prodNoSlash path /service-b
  redir @b_prodNoSlash https://app2.yiem.cc/service-b/ 301

  # Match any production path (covers /service-b, /service-b/, and subpaths)
  @b_prod path_regexp prod ^/service-b(/.*|$)

  # Proxy production traffic to ingress LB; X-Forwarded-Prefix not required if ingress rewrites
  reverse_proxy @b_prod 192.168.88.200:80 {
    header_up Host {http.request.host}
    header_up X-Real-IP {http.request.remote}
  }

  # -------------------------
  # Fallback: forward other requests to the ingress
  # -------------------------
  reverse_proxy 192.168.88.200:80 {
    header_up Host {http.request.host}
    header_up X-Real-IP {http.request.remote}
  }
}

sommpanion.yiem.cc {
  # Preserve common upstream headers for all proxied requests
  @all {
    path_regexp all ^/.*$
  }

  # -------------------------
  # wine-db-admin QA: canonicalize and proxy
  # -------------------------

  # Redirect exact no-trailing-slash QA path to canonical trailing-slash
  @wine_db_admin_qaNoSlash path /wine-db-admin-qa
  redir @wine_db_admin_qaNoSlash https://sommpanion.yiem.cc/wine-db-admin-qa/ 301

  # Match any QA path (covers /wine-db-admin-qa, /wine-db-admin-qa/, and subpaths)
  @wine_db_admin_qa path_regexp qa ^/wine-db-admin-qa(/.*|$)

  # Proxy QA traffic to ingress LB and inject X-Forwarded-Prefix
  reverse_proxy @wine_db_admin_qa 192.168.88.200:80 {
    header_up X-Forwarded-Prefix /wine-db-admin-qa
    header_up Host {http.request.host}
    header_up X-Real-IP {http.request.remote}
    # Optional: tune timeouts or health checks here if needed
  }

  # -----------------------------
  # wine-db-admin Production: canonicalize and proxy
  # -----------------------------

  # Redirect exact no-trailing-slash prod path to canonical trailing-slash
  @wine_db_admin_prodNoSlash path /wine-db-admin
  redir @wine_db_admin_prodNoSlash https://sommpanion.yiem.cc/wine-db-admin/ 301

  # Match any production path (covers /wine-db-admin, /wine-db-admin/, and subpaths)
  @wine_db_admin_prod path_regexp prod ^/wine-db-admin(/.*|$)

  # Proxy production traffic to ingress LB; X-Forwarded-Prefix not required if ingress rewrites
  reverse_proxy @wine_db_admin_prod 192.168.88.200:80 {
    header_up Host {http.request.host}
    header_up X-Real-IP {http.request.remote}
  }

  # -------------------------
  # wine-retailer-admin QA: canonicalize and proxy
  # -------------------------

  # Redirect exact no-trailing-slash QA path to canonical trailing-slash
  @wine_retailer_admin_qaNoSlash path /wine-retailer-admin-qa
  redir @wine_retailer_admin_qaNoSlash https://sommpanion.yiem.cc/wine-retailer-admin-qa/ 301

  # Match any QA path (covers /wine-retailer-admin-qa, /wine-retailer-admin-qa/, and subpaths)
  @wine_retailer_admin_qa path_regexp qa ^/wine-retailer-admin-qa(/.*|$)

  # Proxy QA traffic to ingress LB and inject X-Forwarded-Prefix
  reverse_proxy @wine_retailer_admin_qa 192.168.88.200:80 {
    header_up X-Forwarded-Prefix /wine-retailer-admin-qa
    header_up Host {http.request.host}
    header_up X-Real-IP {http.request.remote}
    # Optional: tune timeouts or health checks here if needed
  }

  # -----------------------------
  # wine-retailer-admin Production: canonicalize and proxy
  # -----------------------------

  # Redirect exact no-trailing-slash prod path to canonical trailing-slash
  @wine_retailer_admin_prodNoSlash path /wine-retailer-admin
  redir @wine_retailer_admin_prodNoSlash https://sommpanion.yiem.cc/wine-retailer-admin/ 301

  # Match any production path (covers /wine-retailer-admin, /wine-retailer-admin/, and subpaths)
  @wine_retailer_admin_prod path_regexp prod ^/wine-retailer-admin(/.*|$)

  # Proxy production traffic to ingress LB; X-Forwarded-Prefix not required if ingress rewrites
  reverse_proxy @wine_retailer_admin_prod 192.168.88.200:80 {
    header_up Host {http.request.host}
    header_up X-Real-IP {http.request.remote}
  }

}