Access token is not available behind the application proxy

My backend is available at localhost:8080/backend. Authorization works in it.
For the front, the backend is available via the proxy “/server”.

server {
        listen 80;
        server_name _;
        client_max_body_size 25M;

  location /server {
       proxy_pass http://localhost:8080/backend;
       proxy_connect_timeout       600;
       proxy_send_timeout          600;
       proxy_read_timeout          600;
       send_timeout                600;
       proxy_cookie_path ~*^/.* /;
       proxy_set_header Host $host;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-NginX-Proxy true;
 }
 
    location / {
        root /opt/front;
        autoindex on;
        gzip_static  on;
        etag on;
        add_header Cache-Control "private, max-age=120";
        try_files $uri $uri/ /index.html;
    }
    error_log /var/log/nginx/front_error.log warn;
    access_log /var/log/nginx/front_access.log combined;
}

For example, I logged in to localhost:8080/backend/sso/login . But in localhost/server/sso/login, you need to log in again. And it looks incorrect, because after authorization, there is a redirect to localhost/backend/sso/login, but this is not the correct address.

I don’t see any Keycloak in your question. It doesn’t look like a good question for a Keycloak community, especially when backend code is black box and it not clear how authentication and authorization works there.

ok. I’ll add some details.
The backend is built by spring mvc and keycloak-spring-security-adapter.
The front works on angularjs.

Now I have discovered one thing, the standard login page /server/sso/login requires you to log in, even when already. Because of this, it always redirects to /backend/sso/login.

if i work only in the :8080/backend / zone, then everything is fine, but when replace the url for the front (via the proxy " /server/"), the authorization form is not available, it always asks you to log in