@mingderwang
Last active August 4, 2018 22:04
gambol99/keycloak-proxy
# the URL used to retrieve the OpenID configuration - normally <server>/auth/realms/<realm_name>
discovery-url: https://keycloak.example.com/auth/realms/demo
# the client id for the 'client' application
client-id: broker
# the secret associated to the 'client' application
client-secret: 1331ce9e-32a0-43b5-98e4-b004bbccfd0a
# the interface the proxy should listen on; all interfaces are specified as ':<port>', unix sockets as unix://<REL_PATH>|</ABS PATH>
listen: 10.4.12.73:3000
# whether to enable refresh tokens
enable-refresh-tokens: true
# the location of a certificate you wish the proxy to use for TLS support
tls-cert:
# the location of a private key for TLS
tls-private-key:
# the redirection url, essentially the site url, note: /oauth/callback is added at the end
redirection-url: https://10.4.12.73:3000
# the encryption key used to encode the session state
encryption-key: AgXa7xxcoClDEU0ZDSH4X0XhL5Qy2Z2j
# the upstream endpoint to which requests are proxied
upstream-url: http://keycloak.log4analytics.com:8081
# additional scopes to add to the default (openid+email+profile)
scopes:
  - vpn-user
# a collection of resources, i.e. URLs, that you wish to protect
resources:
  - uri: /*
    # the methods on this url that should be protected; if missing, all methods are assumed
    methods:
      - GET
    # a list of roles the user must have in order to access urls under the above
    # If all you want is authentication ONLY, simply remove the roles array - the user must be authenticated but
    # no roles are required
    roles:
      - openvpn:vpn-user
      - openvpn:prod-vpn
      - test
  - uri: /admin/*
    methods:
      - GET
    roles:
      - openvpn:vpn-user
      - openvpn:commons-prod-vpn
@mingderwang (Author):

docker run -p 8082:8080 -v $PWD/config.json:/tmp/config.json quay.io/gambol99/keycloak-proxy --config /tmp/config.json
