Email link is wrong keycloakx

Configuring the server
,
1

I’m trying to configure keycloakx behind an ingress nginx on kubernetes, but I think I’m missing something because Email links are not working correctly. my keycloakx is available at https://sso.funccloud.com, but in emails URLs are http://url8011.funccloud.com/ls/click?upn=

How can I fix this Base URL mismatch?

Here are my k8s configurations

apiVersion: apps/v1
kind: Deployment
metadata:
  name: keycloak
  namespace: keycloak
  labels:
    service: keycloak
    layer: security
spec:
  selector:
    matchLabels:
      service: keycloak
      layer: security
  template:
    metadata:
      labels:
        service: keycloak
        layer: security
    spec:
      containers:
        - image: quay.io/keycloak/keycloak-x:16.1.0
          imagePullPolicy: IfNotPresent
          args: 
            - "-Djgroups.dns.query=keycloak-jgroups-ping.keycloak.svc.cluster.local"
            - "start"
            - "--auto-build"
            - "--cache-stack=kubernetes"
            - "--db=postgres"
            - "--db-url=jdbc:${DATABASE_URL}"
            - "--db-username=${DATABASE_USERNAME}"
            - "--db-password=${DATABASE_PASSWORD}"
            - "--hostname ${HOSTNAME}"
            - "--proxy edge"
            - "--hostname-strict-https=false"
            - "--hostname-strict=false"
            - "--metrics-enabled=true"
            - "--hostname-strict-backchannel=true"
          name: keycloak
          resources:
            limits:
              cpu: 500m
              memory: 512Mi
            requests:
              cpu: 500m
              memory: 512Mi
          ports:
            - containerPort: 8443
            - containerPort: 8080
            - containerPort: 4444
            - containerPort: 8888
          env:
            - name: HOSTNAME
              value: sso.funccloud.com
            - name: KEYCLOAK_ADMIN
              valueFrom:
                secretKeyRef:
                  name: keycloak-creds
                  key: admin-username
            - name: KEYCLOAK_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: keycloak-creds
                  key: admin-password
            - name: DATABASE_URL
              valueFrom:
                secretKeyRef:
                  name: keycloak-creds
                  key: database-url
            - name: DATABASE_USERNAME
              valueFrom:
                secretKeyRef:
                  name: keycloak-creds
                  key: database-username
            - name: DATABASE_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: keycloak-creds
                  key: database-password
            - name: JAVA_OPTS
              value: -Xms128m -Xmx128m -XX:MetaspaceSize=128M -XX:MaxMetaspaceSize=128m -Djava.net.preferIPv4Stack=true -Djava.security.egd=file:/dev/./urandom -Xlog:gc* -Djgroups.dns.query=keycloak-jgroups-ping.keycloak.svc.cluster.local

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: keycloak
  namespace: keycloak
  labels:
    service: keycloak
    layer: security
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    kubernetes.io/tls-acme: "true"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/upstream-vhost: sso.funccloud.com
spec:
  ingressClassName: nginx
  rules:
    - host: sso.funccloud.com
      http:
        paths:
          - path: /
            pathType: ImplementationSpecific
            backend:
              service: 
                name: keycloak
                port: 
                  number: 8080
  tls: 
    - 
      hosts: 
        - sso.funccloud.com
      secretName: keycloak-certificate