Simplified Caddy snippets (removed auth/all).

caddy/Caddyfile

@@ -1,4 +1,5 @@
 localhost {
+	# Setup the authentication site at /auth/
 	import auth/setup
 	# Only users with myapp:reports and auth admin permissions
 	handle_path /reports {
@@ -22,16 +23,3 @@ localhost {
 		reverse_proxy :3000
 	}
 }
-
-example.com {
-	# Public endpoints in handle blocks before auth
-	@public path /favicon.ico /.well-known/*
-	handle @public {
-		root * /var/www/
-		file_server
-	}
-	# The rest of the site protected, /auth/ reserved for auth service
-	import auth/all perm=auth:admin {
-		reverse_proxy :3000
-	}
-}

caddy/auth/all

@@ -1,6 +0,0 @@
-# Enable auth site at /auth (setup) and require authentication on all paths
-import setup
-handle {
-    import require {args[0]}
-    {block}
-}

caddy/auth/require

@@ -1,5 +1,7 @@
-# Permission to use within your endpoints that need authentication/authorization, that
-# is different depending on the route (otherwise use auth/all).
+# Permission to use within your endpoints that need authentication/authorization
+# Argument is mandatory and provides a query string to /auth/api/forward
+#   "" means just authentication
+#   perm=yourservice:login to require specific permission
 forward_auth {$AUTH_UPSTREAM:localhost:4401} {
     uri /auth/api/forward?{args[0]}
     header_up Connection keep-alive  # Much higher performance