{$DOMAIN_NAME} {
    # Reverse proxy to Nginx frontend
    reverse_proxy frontend:80

    # Access logging
    log {
        output file /data/access.log {
            roll_size 10mb
            roll_keep 5
        }
        format json
    }

    # Security headers
    header {
        X-Content-Type-Options "nosniff"
        X-Frame-Options "SAMEORIGIN"
        X-XSS-Protection "1; mode=block"
        Referrer-Policy "strict-origin-when-cross-origin"
    }
}