cd /opt
wget https://github.com/oauth2-proxy/oauth2-proxy/releases/download/v7.0.1/oauth2-proxy-v7.0.1.linux-amd64.tar.gz
tar xvfz oauth2-proxy-v7.0.1.linux-amd64.tar.gz
ln -s /opt/oauth2-proxy-v7.0.1.linux-amd64 /opt/oauth2-proxy

création du fichier de conf dans /opt/keycloak.cfg

provider = "oidc"
redirect_url = "https://transfert-images.parinux.org/oauth2/callback"
oidc_issuer_url = "https://sso.parinux.org/auth/realms/master"
upstreams = [
    "https://transfert-images.parinux.org"
]
email_domains = [
    "*"
]
client_id = "IDKeycloakduclient"
client_secret = "secretdukeycloakpourceclient"
pass_access_token = true
cookie_secret = "uncookiede32caractéres"
skip_provider_button = true

Tester votre fichier de conf

/opt/oauth2-proxy/oauth2-proxy --config=/opt/keycloak.cfg

Création du fichier /etc/systemd/system/oauth2-proxy.service

[Unit]
Description=oauth2-proxy daemon service
After=syslog.target network.target

[Service]
User=www-data
Group=www-data

ExecStart=/opt/oauth2-proxy/oauth2-proxy --config=/opt/keycloak.cfg
ExecReload=/bin/kill -HUP $MAINPID

KillMode=process
Restart=always

[Install]
WantedBy=multi-user.target

si le reverse proxy n'est pas sur le même serveur il faut qu'il y ait :

ExecStart=/opt/oauth2-proxy/oauth2-proxy --config=/opt/keycloak.cfg --http-address=0.0.0.0:4180

le mettre en exécutable, permettre son lancement, son état et le lancer

chmod +x/etc/systemd/system/oauth2-proxy.service
systemctl enable oauth2-proxy.service
systemctl status oauth2-proxy.service
systemctl start oauth2-proxy.service

doc

https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/overview/#config-file

https://devopsloggers.com/2020/05/30/oauth2_proxy-google-authentication-using-nginx-on-ubuntu-18-04/