localhost {
	# Setup the authentication site at /auth/
	import auth/setup
	# Only users with myapp:reports and auth admin permissions
	handle_path /reports {
		import auth/require perm=myapp:reports&perm=auth:admin
		respond "Reports area (protected) for {http.request.header.remote-org-name}" 200
	}
	# Public paths (no auth)
	@public path /favicon.ico /.well-known/*
	handle @public {
		root * /var/www/
        file_server
	}
	# Respond with user's display name
	handle_path /hello {
		import auth/require ""
		respond "Hello, {http.request.header.remote-name}! Your permissions: {http.request.header.remote-groups}" 200
	}
	# Default route, requires authentication but no authorization
	handle {
		import auth/require ""
		reverse_proxy :3000
	}
}