(rp_skip_tls) {
	reverse_proxy {args[0]} {
		transport http {
			tls_insecure_skip_verify
		}
	}
}
(rp) {
	reverse_proxy {args[0]}
}
(auth_path_handler) {
	handle /oauth2/* {
		reverse_proxy oauth2proxy:4180 {
			header_up X-Real-IP {remote_host}
			header_up X-Forwarded-Uri {uri}
		}
	}
}

(auth_redirect) {
	forward_auth oauth2proxy:4180 {
		uri /oauth2/auth
		copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
		header_up X-Real-IP {remote_host}
		@error status 401 403
		handle_response @error {
			redir * /oauth2/sign_in?rd={scheme}://{host}{uri}
		}
	}
}

(protect) {
	import auth_path_handler
	handle {
		import auth_redirect
		import {args[0]} {args[1]}
	}
}

(protected) {
	@skip_tls {
		expression `"{args[1]}" == "skip_verify"`
	}
	@no_skip_tls {
		expression `"{args[1]}" != "skip_verify"`
	}
	handle /oauth2/* {
		reverse_proxy oauth2proxy:4180 {
			header_up X-Real-IP {remote_host}
			header_up X-Forwarded-Uri {uri}
		}
	}
	handle {
		forward_auth oauth2proxy:4180 {
			uri /oauth2/auth
			copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
			header_up X-Real-IP {remote_host}
			@error status 401 403
			handle_response @error {
				redir * /oauth2/sign_in?rd={scheme}://{host}{uri}
			}
		}


		reverse_proxy @skip_tls {args[0]} {
			transport http {
				tls_insecure_skip_verify
			}
		}
		reverse_proxy @no_skip_tls {args[0]}
		
	}
}