# OpenRemote via Traefik (HTTPS)
# openremote.digitribe.fr
http:
  routers:
    # Keycloak auth routes — HIGHER priority (matched first)
    openremote-keycloak:
      rule: "Host(`openremote.digitribe.fr`) && PathPrefix(`/auth`)"
      entryPoints:
        - websecure
      service: openremote-keycloak
      tls:
        certResolver: letsencrypt
      priority: 200
    # OpenRemote Manager — catches everything else on this host
    openremote-manager:
      rule: "Host(`openremote.digitribe.fr`)"
      entryPoints:
        - websecure
      middlewares:
        - openremote-headers
      service: openremote-manager
      tls:
        certResolver: letsencrypt
      priority: 100
    openremote-manager-http:
      rule: "Host(`openremote.digitribe.fr`)"
      entryPoints:
        - web
      middlewares:
        - openremote-headers
      service: openremote-manager
      priority: 100
  middlewares:
    openremote-headers:
      headers:
        customRequestHeaders:
          X-Forwarded-Proto: "https"
          X-Forwarded-Host: "openremote.digitribe.fr"
          X-Forwarded-Port: "443"
  services:
    openremote-manager:
      loadBalancer:
        servers:
          - url: "http://openremote-manager:8080"
    openremote-keycloak:
      loadBalancer:
        servers:
          - url: "http://openremote-keycloak:8080"