# Caddy terminates TLS (using the mkcert cert/key generated by `just tls`) and
# proxies to the Django/gunicorn IdP. The explicit `tls` directive disables
# automatic HTTPS/ACME, so this works for any local domain without Let's Encrypt.
{$IDP_DOMAIN:localhost} {
	encode gzip
	tls /certs/cert.pem /certs/key.pem
	reverse_proxy idp:8000
}
