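# Global options
{
	# Debug mode - uncomment to activate.
	#debug

	# Use local-only certs? Comment out the on_demand_tls block
	# if you use this.
	#local_certs

	# To use automatic on-demand SSL/TLS certs we need to ask an
	# end-point if we host the domain. This check is the only gate
	# on issuance: a certificate is requested for any name the
	# end-point answers 200 for.
	on_demand_tls {
		# This can be any http url you like, a domain query will be
		# attached. A request will be made such as
		# http://my.end.point:80/hosted/?domain=myawesomesite.foo
		# The end-point MUST return a 200 response if the domain is
		# valid.
		#ask http://my.end.point:80/hosted/

		# So we don't have to use external scripting let's get caddy
		# to check a directory for us instead. There needs to be a
		# block below to handle this otherwise all domains using SSL
		# will fail.
		ask http://127.0.0.1:62453/
	}
}

# On-demand SSL/TLS end-point to check if we host the domain before
# getting a cert. Bound to loopback so only local processes can query it.
http://127.0.0.1:62453 {
	# The folder where ALL sites are so we can check if hosted or not.
	# No files from here are served.
	root * /var/www/

	# Log to stdout.
	log

	# Rewrite the domain query into a path request and only if /.
	@domain_query {
		path /
		query domain=*
	}
	rewrite @domain_query /{query.domain}/

	# Match domain.
	# The path regex matcher must come first, Thanks caddy devs!
	# Info https://github.com/caddyserver/caddy/issues/4204
	#
	# The pattern is anchored and limited to hostname characters. The
	# capture is used as a directory name in the file matcher below, so
	# a value containing "/" must not be able to make the check resolve
	# to a directory other than /var/www/<domain>/.
	@domain_in_path path_regexp domain ^/(www\.)?([A-Za-z0-9][A-Za-z0-9.-]+)/$
	handle @domain_in_path {
		# 200 only when /var/www/<domain>/ exists (www. stripped).
		@domain_exists file {re.domain.2}/
		respond @domain_exists 200 {
			close
		}
	}

	# Default response if domain doesn't exist.
	respond 404 {
		close
	}
}

# Catch-all SSL/TLS site(s) - this must be last!
:443 {
	# Strip www from host header.
	# Host is client-supplied and capture 2 is interpolated into the
	# site root and the unix socket paths below, so the pattern is
	# anchored and limited to hostname characters. An optional :port
	# is matched outside the capture so it never reaches a path.
	@host_header header_regexp host Host ^(www\.)?([A-Za-z0-9][A-Za-z0-9.-]+)(:[0-9]+)?$

	# Enable on-demand SSL/TLS certs.
	tls {
		on_demand
	}

	handle_errors {
		respond "{http.error.status_text}." {
			close
		}
	}

	handle @host_header {
		# Per-site document root, keyed by the validated host name.
		root * /var/www/{re.host.2}/htdocs/

		# Never serve dotfiles or editor backup files.
		file_server {
			hide .* ~*
		}

		# Proxy non-PHP requests to a per-site socket when one exists.
		# NOTE(review): the file matcher normally resolves its paths
		# against the site root - confirm this really tests
		# /run/<host>.sock. Also confirm "path !*.php" excludes PHP
		# requests; Caddy's documented negation is the "not" matcher.
		@has_reverse_proxy {
			file /run/{re.host.2}.sock
			path !*.php
		}
		handle @has_reverse_proxy {
			reverse_proxy unix//run/{re.host.2}.sock {
				header_up Host {upstream_hostport}
				header_up X-Forwarded-Host {host}
			}
		}

		php_fastcgi unix//run/php/{re.host.2}.sock {
			# This only works with Caddy versions >= 2.4.6
			try_files {path} {path}/ {path}/index.php =404
		}
	}

	# Any request whose Host did not match a valid host name ends here.
	error 404
}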