application.sample.yml

server:
  port: 8082
  address: 127.0.0.1
  use-forward-headers: true
  servlet:
    contextPath: /resource

resource-server:
  tmpdir: /tmp
  jsonfile: /path/to/jsonfile.json
  remote-host: backend.example.com
  cert:
    key-algorithm: RSA
    key-bits: 4096
    rng-algorithm: NativePRNGNonBlocking
    validity: 300 # 5 minutes
    # Only the private key is needed
    ca_private: /etc/portal-resource-server/ca_snakeoil
    ca_passphrase:

cors:
  allowed-origin-patterns:
    - '*'
    # - 'nimrod.example.com'
    # - '*.example.com'
  max-age: 3600

spring:
  security:
    oauth2:
      resourceserver:
        jwt:
          # This is only needed so the server can start if keycloak.example.com is down
          jwk-set-uri: https://keycloak.example.com/auth/realms/example-realm1/protocol/openid-connect/certs
          issuer-uri: https://keycloak.example.com/auth/realms/example-realm1
          client-id: example-realm1-client
          client-secret: 00000000-0000-0000-0000-000000000000
          audience-id: audience-id
management:
  server:
    port: 9001
  endpoint:
    health:
      probes:
        enabled: true