mingderwang · August 4, 2018 22:04 · mingderwang · Oct 24, 2017
diff --git a/config.json b/config.json
 # is the url for retrieve the OpenID configuration - normally the <server>/auth/realm/<realm_name>
 discovery-url: https://keycloak.example.com/auth/realms/demo
 # the client id for the 'client' application
 client-id: broker
 # the secret associated to the 'client' application
 client-secret: 1331ce9e-32a0-43b5-98e4-b004bbccfd0a
 # the interface definition you wish the proxy to listen, all interfaces is specified as ':<port>', unix sockets as unix://<REL_PATH>|</ABS PATH>
 listen: 10.4.12.73:3000
 # whether to enable refresh tokens
 enable-refresh-tokens: true
 # the location of a certificate you wish the proxy to use for TLS support
 tls-cert:
 # the location of a private key for TLS
 tls-private-key:
 # the redirection url, essentially the site url, note: /oauth/callback is added at the end
 redirection-url: https://10.4.12.73:3000
 # the encryption key used to encode the session state
 encryption-key: AgXa7xxcoClDEU0ZDSH4X0XhL5Qy2Z2j
 # the upstream endpoint which we should proxy request
 upstream-url: http://keycloak.log4analytics.com:8081
 # additional scopes to add to add to the default (openid+email+profile)
 scopes:
 - vpn-user
 # a collection of resource i.e. urls that you wish to protect
 resources:
 - uri: /*
  # the methods on this url that should be protected, if missing, we assuming all
  methods:
  - GET
  # a list of roles the user must have in order to access urls under the above
  # If all you want is authentication ONLY, simply remove the roles array - the user must be authenticated but
  # no roles are required
  roles:
  - openvpn:vpn-user
  - openvpn:prod-vpn
  - test
 - uri: /admin/*
  methods:
  - GET
  roles:
  - openvpn:vpn-user
  - openvpn:commons-prod-vpn
	# is the url for retrieve the OpenID configuration - normally the <server>/auth/realm/<realm_name>
	discovery-url: https://keycloak.example.com/auth/realms/demo
	# the client id for the 'client' application
	client-id: broker
	# the secret associated to the 'client' application
	client-secret: 1331ce9e-32a0-43b5-98e4-b004bbccfd0a
	# the interface definition you wish the proxy to listen, all interfaces is specified as ':<port>', unix sockets as unix://<REL_PATH>\|</ABS PATH>
	listen: 10.4.12.73:3000
	# whether to enable refresh tokens
	enable-refresh-tokens: true
	# the location of a certificate you wish the proxy to use for TLS support
	tls-cert:
	# the location of a private key for TLS
	tls-private-key:
	# the redirection url, essentially the site url, note: /oauth/callback is added at the end
	redirection-url: https://10.4.12.73:3000
	# the encryption key used to encode the session state
	encryption-key: AgXa7xxcoClDEU0ZDSH4X0XhL5Qy2Z2j
	# the upstream endpoint which we should proxy request
	upstream-url: http://keycloak.log4analytics.com:8081
	# additional scopes to add to add to the default (openid+email+profile)
	scopes:
	- vpn-user
	# a collection of resource i.e. urls that you wish to protect
	resources:
	- uri: /*
	# the methods on this url that should be protected, if missing, we assuming all
	methods:
	- GET
	# a list of roles the user must have in order to access urls under the above
	# If all you want is authentication ONLY, simply remove the roles array - the user must be authenticated but
	# no roles are required
	roles:
	- openvpn:vpn-user
	- openvpn:prod-vpn
	- test
	- uri: /admin/*
	methods:
	- GET
	roles:
	- openvpn:vpn-user
	- openvpn:commons-prod-vpn