reverse_proxies:

  kc:
    domain: keycloak.z.com
    host: http://127.0.0.1:8080
    entry_point: https
    tls:
      enabled: true
      certs: default
    
      
  app:
    domain: app.z.com
    host: http://127.0.0.1:3000
    entry_point: https
    tls:
      enabled: true
      certs: default
    auth: default

tls:
  certs:
    default:
      cert: z.com.cert.pem
      key: z.com.key.pem

entry_points:
  https:
    tls: true
    port: 443
  http:
    port: 80

auth:
  default:
    paths:
      prefix: /auth
      login:  /login
      logout:  /logout
      callback:  /callback
    open_id:
      host: http://127.0.0.1:8080
      realm: dev
      client_id: dev_client
      client_secret: dWhSJgARBAuBAXN7sUTpqpIq2sKQdugs
      redirect_uri: https://app.z.com/auth/callback
      post_logout_redirect_uri: https://app.z.com/auth/logout
      config_path: /realms/{{realm}}/.well-known/openid-configuration
      # config_fields:
      #   - issuer
      #   - authorization_endpoint
      #   - token_endpoint
      #   - introspection_endpoint
      #   - userinfo_endpoint
      #   - end_session_endpoint
      #   - jwks_uri
      # issuer: http://127.0.0.1:8080/realms/dev


    
#       scope: openid profile email

      # response_type: code
      # response_mode: query
      # prompt: none
      # post_logout_redirect_uri: https://app.z.com/auth/logout
      # token_endpoint_auth_method: client_secret_post
      # userinfo_endpoint: https://keycloak.z.com/auth/realms/z/protocol/openid-connect/userinfo
      # authorization_endpoint: https://keycloak.z.com/auth/realms/z/protocol/openid-connect/auth
      # token_endpoint: https://keycloak.z.com/auth/realms/z/protocol/openid-connect/token
      # end_session_endpoint: https://keycloak.z.com/auth/realms/z/protocol/openid-connect/logout
      # jwks_uri: https://keycloak.z.com/auth/realms/z/protocol/openid-connect/certs
      # issuer: https://keycloak.z.com/auth/realms/z
      # registration_endpoint: https://keycloak.z.com/auth/realms/z/clients-registrations/openid-connect
      # check_session_iframe: https://keycloak.z.com/auth/realms/z/protocol/openid-connect/login-status-iframe.html
      # client_name: zapp
      # client_uri: https://app.z.com
      # logo_uri: https://app.z.com/logo.png
      # policy_uri: https://app.z.com/policy
      # tos_uri: https://app.z.com/tos
      # jwks: https://keycloak.z.com/auth/realms/z/protocol/openid-connect/certs