diff --git a/conf/nginx.conf.tpl b/conf/nginx.conf.tpl
index 4d9ba6c..6c72814 100644
--- a/conf/nginx.conf.tpl
+++ b/conf/nginx.conf.tpl
@@ -1,4 +1,4 @@
-worker_processes 1;
+worker_processes 2;
 # expose env vars to lua code
 env BENTO_DEBUG;
@@ -39,6 +39,12 @@ stream {
 ssl_preread on;
 proxy_pass $name;
 }
+
+ log_format basic '$remote_addr [$time_local] '
+ '$protocol $status $bytes_sent $bytes_received '
+ '$session_time "$upstream_addr" '
+ '"$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"';
+ access_log logs/access.log basic;
 }
 # tpl__tls_yes__end
@@ -54,6 +60,12 @@ http {
 '"$request" $status $body_bytes_sent '
 '"$http_referer" "$http_user_agent" "$gzip_ratio" "$uri"';
+ log_format upstream_time '$remote_addr - $remote_user [$time_local] '
+ '"$request" $status $body_bytes_sent '
+ '"$http_referer" "$http_user_agent"'
+ 'rt=$request_time uct="$upstream_connect_time" uht="$upstream_header_time" urt="$upstream_response_time"';
+ access_log logs/access.log upstream_time;
+
 # Set up per-server and per-address rate limiter
 limit_req_zone $binary_remote_addr zone=perip:10m rate=10r/s;
 limit_req_zone $server_name zone=perserver:10m rate=40r/s;
diff --git a/src/proxy_auth_v2.lua b/src/proxy_auth_v2.lua
index fcfabbf..147b97c 100644
--- a/src/proxy_auth_v2.lua
+++ b/src/proxy_auth_v2.lua
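Review bot: In conf/nginx.conf.tpl the stream-level `access_log logs/access.log basic;` (hunk at -39,6) and the http-level `access_log logs/access.log upstream_time;` (hunk at -54,6) write two different line formats to the same file, so a parser or detection rule written for one layout will misread the other. Give the stream log its own path, for example `access_log logs/stream_access.log basic;`. The http block already defines another `log_format` in the context lines; whether an existing `access_log` directive also targets this file is not visible in the hunk.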
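Review bot: The `upstream_time` format in the http hunk of conf/nginx.conf.tpl joins `'"$http_referer" "$http_user_agent"'` directly to `'rt=$request_time ...'`, so every entry is written as `"<user agent>"rt=...` with no separator. Add the trailing space that the other fragments carry: `'"$http_referer" "$http_user_agent" '`. Without it, whitespace-based field splitting merges the client-controlled user agent with the first timing field, which makes the timing columns unreliable for alerting.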
@@ -39,6 +39,29 @@ local err_500_and_log = function(detail, err)
 end
 -- END FUNCTION DEFINITIONS -----–-----–-----–-----–-----–-----–-----–-----–-----–-------
+local req = ngx.req
+local req_method = req.get_method()
+local req_uri = ngx.var.request_uri -- pre-rewrite URI
+local uri = ngx.var.uri -- post-rewrite URI
+
+-- BEGIN OPEN ENDPOINT LOGIC ------------------------------------------------------------
+
+-- Pass through all endpoint calls which used to be proxied by bento_public
+-- TODO: replace this with properly authorization-compatible services
+
+if req_method == "GET" and (
+ uri == "/service-info" or
+ req_uri == "/api/metadata/api/projects" or
+ req_uri == "/api/metadata/api/public" or
+ req_uri == "/api/metadata/api/public_overview" or
+ req_uri == "/api/metadata/api/public_search_fields" or
+ req_uri == "/api/metadata/api/public_dataset"
+) then
+ goto script_end
+end
+
+-- END OPEN ENDPOINT LOGIC --------------------------------------------------------------
+
 -- BEGIN AUTHORIZATION LOGIC ------------------------------------------------------------
 local bento_debug = os.getenv("BENTO_DEBUG")
@@ -54,11 +77,10 @@ local user_role
 -- Check bearer token if set
 -- Adapted from https://github.com/zmartzone/lua-resty-openidc/issues/266#issuecomment-542771402
-local req = ngx.req
 local auth_header = req.get_headers()["Authorization"]
 -- Tokens can also be passed in the form of POST body form data
-if req.get_method() == "POST" then
+if req_method == "POST" then
 req.read_body()
 local req_body = req.get_post_args()
 if req_body ~= nil and req_body["token"] then
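Review bot: The open-endpoint list in src/proxy_auth_v2.lua (hunk at -39,6) compares `ngx.var.request_uri` by exact equality, and that variable includes the query string, so `GET /api/metadata/api/public_search_fields?...` does not match and still goes through authorization. If query parameters are expected on these endpoints, compare the path part only, e.g. `local req_path = req_uri:match("^[^?]*")`, and keep the test an exact match rather than a prefix or pattern. `goto script_end` skips the entire authorization section and the label lies outside this hunk; if that section is also where identity headers for the upstream are set or cleared, confirm the public path does not forward client-supplied values for them. A comment above the list such as `-- SECURITY: requests matched here bypass all authorization; exact-match only` would make the intent explicit for whoever extends it.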