reverse_proxies:

  kc:
    domain: keycloak.z.com
    host: http://127.0.0.1:8080
    entry_point: https
    tls:
      enabled: true
      certs: default
    auth_server: true
  app:
    domain: app.z.com
    host: http://127.0.0.1:3000
    entry_point: https
    tls:
      enabled: true
      certs: default
    auth: app_auth
  oded:
    domain: oded.z.com
    host: http://127.0.0.1:3001
    entry_point: https
    tls:
      enabled: true
      certs: default
    auth: oded_auth


tls:
  certs:
    default:
      cert: z.com.cert.pem
      key: z.com.key.pem

entry_points:
  https:
    tls: true
    port: 443
  http:
    port: 80

auth:
  app_auth:
    paths:
      prefix: /auth
      login:  /login
      logout:  /logout
      callback:  /callback
    open_id:
      host: http://127.0.0.1:8080
      realm: dev
      client_id: dev_client
      client_secret: dWhSJgARBAuBAXN7sUTpqpIq2sKQdugs
      redirect_uri: <{{dynamic}}>/auth/callback
      post_logout_redirect_uri: https://app.z.com/auth/logout
      config_path: /realms/<{{realm}}>/.well-known/openid-configuration
  oded_auth:
    paths:
      prefix: /auth
      login:  /login
      logout:  /logout
      callback:  /callback
    open_id:
      host: http://127.0.0.1:8080
      realm: dev
      client_id: dev_client
      client_secret: dWhSJgARBAuBAXN7sUTpqpIq2sKQdugs
      # redirect_uri: https://oded.z.com/auth/callback
      redirect_uri: <{{dynamic}}>/auth/callback
      post_logout_redirect_uri: https://oded.z.com/auth/logout
      # post_logout_redirect_uri: <{{dynamic}}>/auth/logout
      config_path: /realms/<{{realm}}>/.well-known/openid-configuration

    
#       scope: openid profile email

      # response_type: code
      # response_mode: query
      # prompt: none
      # post_logout_redirect_uri: https://app.z.com/auth/logout
      # token_endpoint_auth_method: client_secret_post
      # userinfo_endpoint: https://keycloak.z.com/auth/realms/z/protocol/openid-connect/userinfo
      # authorization_endpoint: https://keycloak.z.com/auth/realms/z/protocol/openid-connect/auth
      # token_endpoint: https://keycloak.z.com/auth/realms/z/protocol/openid-connect/token
      # end_session_endpoint: https://keycloak.z.com/auth/realms/z/protocol/openid-connect/logout
      # jwks_uri: https://keycloak.z.com/auth/realms/z/protocol/openid-connect/certs
      # issuer: https://keycloak.z.com/auth/realms/z
      # registration_endpoint: https://keycloak.z.com/auth/realms/z/clients-registrations/openid-connect
      # check_session_iframe: https://keycloak.z.com/auth/realms/z/protocol/openid-connect/login-status-iframe.html
      # client_name: zapp
      # client_uri: https://app.z.com
      # logo_uri: https://app.z.com/logo.png
      # policy_uri: https://app.z.com/policy
      # tos_uri: https://app.z.com/tos
      # jwks: https://keycloak.z.com/auth/realms/z/protocol/openid-connect/certs