{$DOMAIN:localhost} {
    # Frontend
    handle {
        reverse_proxy frontend:80
    }

    # API
    handle /api/* {
        reverse_proxy backend:8000
    }

    # Security headers
    header {
        X-Content-Type-Options nosniff
        X-Frame-Options DENY
        Referrer-Policy strict-origin-when-cross-origin
        -Server
    }
}