(tls-transport) {
	transport http {
		tls
		tls_insecure_skip_verify
	}
}

:8085 {
	log
	reverse_proxy authelia-backend:9091 {
		import tls-transport
	}
}

login.example.com:8080 {
	tls internal
	log
	route {
		reverse_proxy /.well-known/* authelia-backend:9091 {
			import tls-transport
		}

		reverse_proxy /api/* authelia-backend:9091 {
			import tls-transport
		}

		reverse_proxy /locales/* authelia-backend:9091 {
			import tls-transport
		}

		reverse_proxy /jwks.json authelia-backend:9091 {
			import tls-transport
		}

		reverse_proxy authelia-frontend:3000 :8085 {
			lb_policy first
			lb_try_duration 5s
			lb_try_interval 250ms

			fail_duration 10s
			max_fails 1
			unhealthy_status 5xx
		}
	}
}

mail.example.com:8080 {
	tls internal
	log
	reverse_proxy smtp:1080
}

*.example.com:8080 {
	tls internal
	log
	forward_auth authelia-backend:9091 {
		uri /api/verify?rd=https://login.example.com:8080
		copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
		import tls-transport
	}

	reverse_proxy /headers httpbin:8000
	reverse_proxy nginx-backend
}