# Dashboard
https://dashboard.{$NM_DOMAIN} {
	tls /root/certs/fullchain.pem /root/certs/privkey.pem
	# Apply basic security headers
	header {
		# Enable cross origin access to *.{$NM_DOMAIN}
		Access-Control-Allow-Origin *.{$NM_DOMAIN}
		# Enable HTTP Strict Transport Security (HSTS)
		Strict-Transport-Security "max-age=31536000;"
		# Enable cross-site filter (XSS) and tell browser to block detected attacks
		X-XSS-Protection "1; mode=block"
		# Disallow the site to be rendered within a frame on a foreign domain (clickjacking protection)
		X-Frame-Options "SAMEORIGIN"
		# Prevent search engines from indexing
		X-Robots-Tag "none"
		# Remove the server name
		-Server
	}

	reverse_proxy http://netmaker-ui
}

# API
https://api.{$NM_DOMAIN} {
	tls /root/certs/fullchain.pem /root/certs/privkey.pem
	reverse_proxy http://netmaker:8081
}

# STUN
https://stun.{$NM_DOMAIN} {
	tls /root/certs/fullchain.pem /root/certs/privkey.pem
	reverse_proxy netmaker:3478
}

# TURN
https://turn.{$NM_DOMAIN} {
	tls /root/certs/fullchain.pem /root/certs/privkey.pem
	reverse_proxy host.docker.internal:3479
}

# TURN API
https://turnapi.{$NM_DOMAIN} {
	tls /root/certs/fullchain.pem /root/certs/privkey.pem
	reverse_proxy http://host.docker.internal:8089
}

# MQ
wss://broker.{$NM_DOMAIN} {
	tls /root/certs/fullchain.pem /root/certs/privkey.pem
	reverse_proxy ws://mq:8883 # For EMQX websockets use `reverse_proxy ws://mq:8083`
}