# One Caddy terminates TLS for both the IdP and the SP and routes by hostname.
# The explicit `tls` directives use the mkcert cert/key pairs generated by
# `just tls`, disabling automatic HTTPS/ACME so this works for any local domain.

# Directives shared by both virtual hosts; expanded into each site block
# below with `import common`.
(common) {
	# NOTE(review): response compression is fine for local development, but
	# compressing responses that echo attacker-influenced input next to
	# secrets (CSRF tokens, assertions) enables compression side channels;
	# reconsider before reusing this config outside a dev setup.
	encode gzip
}

# Identity provider. Hostname comes from IDP_DOMAIN (default idp.localhost).
# Giving `tls` an explicit cert/key pair (the mkcert files from `just tls`)
# disables automatic certificate management for this host.
{$IDP_DOMAIN:idp.localhost} {
	import common
	tls /certs/idp/cert.pem /certs/idp/key.pem
	# Plain HTTP to the container on the internal network; only Caddy is
	# expected to reach it. Caddy's reverse_proxy normally adds
	# X-Forwarded-* headers — confirm the app trusts them only from this
	# proxy when building redirect/callback URLs.
	reverse_proxy idp:8000
}

# Service provider. Hostname comes from SP_DOMAIN (default sp.localhost);
# same explicit-cert handling as the IdP block.
{$SP_DOMAIN:sp.localhost} {
	import common
	tls /certs/sp/cert.pem /certs/sp/key.pem
	# Same plain-HTTP backend arrangement as above; see the note there.
	reverse_proxy sp:8000
}
