# Global rules
* {
    tls off # Assume reverse proxy with TLS
    gzip
    root /static
    proxy /api apigateway:80 {
        transparent
        without /api
        websocket
    }
    cors /api {
        allow_credentials true
        allowed_headers   Content-Type,Authorization
    }
}