http:
  # Rate Limiting Middlewares
  middlewares:
    api-ratelimit:
      rateLimit:
        average: 100         # Average requests per second
        burst: 200           # Maximum burst
        period: 1m           # Sliding window period
        sourceCriterion:
          ipStrategy:
            depth: 1         # Use X-Forwarded-For header
    api-ratelimit-strict:
      rateLimit:
        average: 10          # Strict limit for sensitive endpoints
        burst: 20
        period: 1m
        sourceCriterion:
          ipStrategy:
            depth: 1
    elmeg-strip:
      stripPrefix:
        prefixes:
          - "/api"
  
  routers:
    ersen-web:
      rule: "Host(`ersen.xyz`) || Host(`www.ersen.xyz`)"
      service: ersen-frontend
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt
    ersen-api:
      rule: "Host(`api.ersen.xyz`)"
      service: ersen-backend
      entryPoints:
        - websecure
      middlewares:
        - api-ratelimit
      tls:
        certResolver: letsencrypt
    
    elmeg-web:
      rule: "Host(`elmeg.xyz`)"
      service: elmeg-frontend
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt
    elmeg-api:
      rule: "Host(`elmeg.xyz`) && PathPrefix(`/api`)"
      service: elmeg-backend
      priority: 100
      entryPoints:
        - websecure
      middlewares:
        - elmeg-strip
      tls:
        certResolver: letsencrypt
  
  services:
    ersen-frontend:
      loadBalancer:
        servers:
          - url: "http://ersen-frontend-1:80"
    ersen-backend:
      loadBalancer:
        servers:
          - url: "http://ersen-backend-1:3000"
    elmeg-frontend:
      loadBalancer:
        servers:
          - url: "http://elmeg-demo-frontend-1:3000"
    elmeg-backend:
      loadBalancer:
        servers:
          - url: "http://elmeg-demo-backend-1:8000"