diff --git a/caddy/Caddyfile b/caddy/Caddyfile
index e872f0f..026f5d7 100644
--- a/caddy/Caddyfile
+++ b/caddy/Caddyfile
@@ -1,4 +1,5 @@
 localhost {
+ # Setup the authentication site at /auth/
 import auth/setup
 # Only users with myapp:reports and auth admin permissions
 handle_path /reports {
@@ -22,16 +23,3 @@ localhost {
 reverse_proxy :3000
 }
 }
-
-example.com {
- # Public endpoints in handle blocks before auth
- @public path /favicon.ico /.well-known/*
- handle @public {
- root * /var/www/
- file_server
- }
- # The rest of the site protected, /auth/ reserved for auth service
- import auth/all perm=auth:admin {
- reverse_proxy :3000
- }
-}
\ No newline at end of file
diff --git a/caddy/auth/all b/caddy/auth/all
deleted file mode 100644
index 15bc202..0000000
--- a/caddy/auth/all
+++ /dev/null
@@ -1,6 +0,0 @@
-# Enable auth site at /auth (setup) and require authentication on all paths
-import setup
-handle {
- import require {args[0]}
- {block}
-}
diff --git a/caddy/auth/require b/caddy/auth/require
index 1602cc6..657ed3d 100644
--- a/caddy/auth/require
+++ b/caddy/auth/require
@@ -1,5 +1,7 @@
-# Permission to use within your endpoints that need authentication/authorization, that
-# is different depending on the route (otherwise use auth/all).
+# Permission to use within your endpoints that need authentication/authorization
+# Argument is mandatory and provides a query string to /auth/api/forward
+# "" means just authentication
+# perm=yourservice:login to require specific permission
 forward_auth {$AUTH_UPSTREAM:localhost:4401} {
 uri /auth/api/forward?{args[0]}
 header_up Connection keep-alive # Much higher performance
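Review bot: The comment added above `import auth/setup` does not say that this snippet protects nothing outside /auth/; with the example.com site and the auth/all snippet removed in this same commit, no part of this file applies authentication by default, so only routes that explicitly import auth/require are guarded (judging from the deleted auth/all, which was the snippet wrapping `import require` in a catch-all handle). Spelling that out would help whoever adds the next route, e.g. `# Set up the authentication site at /auth/ (protects nothing else: every route that needs auth must import auth/require)`. The `handle_path /reports` block that follows continues outside the hunk.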
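Review bot: The rewritten header in caddy/auth/require says the argument is mandatory and that `""` means authentication only, but nothing in the snippet enforces that: an `import auth/require` with no argument is not rejected here, and whatever Caddy substitutes for an unset `{args[0]}` lands verbatim in `uri /auth/api/forward?{args[0]}`, so the resulting forward-auth query may not be what the author expects. The comment would be more useful if it showed the exact call shapes, e.g. `# import auth/require ""                  -> authentication only` and `# import auth/require perm=myapp:reports  -> authentication plus that permission`, and noted that the value is a config-time literal rather than request data. Since auth/all is deleted in this commit, this snippet is now the only place authorization is applied, which is worth stating here too so callers know each handle block must import it explicitly.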