Keycloak behind a reverse proxy, no access to certain paths

Configuring the server
1

Hello. We have setup Keycloak in AWS in a Fargate cluster, behind a reverse proxy gateway (KrakenD). Our problem is that when trying to access https://auth.staging.bikefolder.com it don’t download any javascript or css, and when trying to access the Admin Console, nothing happens. Requesting a token is working though. We are running the docker image like this:

docker run 
  --name keycloak 
  -dp 8080:8080 
  --log-driver=awslogs 
  --log-opt awslogs-region=eu-central-1 
  --log-opt awslogs-group=bikefolder-keycloak 
  --log-opt awslogs-create-group=true 
  --restart unless-stopped 
  -e TWILIO_ACCOUNT_SID=AC580...1f965 
  -e TWILIO_AUTH_TOKEN=901b6...d638c3 
  -e PHONE_NUMBER_FROM="+47...444" 
  -e KEYCLOAK_ADMIN=admin 
  -e KEYCLOAK_ADMIN_PASSWORD=ArH6zt...S2O 
  687...441.dkr.ecr.eu-central-1.amazonaws.com/bikefolder-keycloak:main 
  start-dev 
  --db=mysql 
  --db-url=jdbc:mysql://database-stack-staging-rds-instance-db.cluster-cl...vo.eu-central-1.rds.amazonaws.com:6543/keycloak 
  --db-username=admin 
  --db-password=xUu...X9c 
  --http-enabled=true  
  --health-enabled=true 
  --metrics-enabled=true 
  --proxy=reencrypt 
  --hostname-url=https://auth.staging.bikefolder.com 
  --hostname-admin-url=https://auth.staging.bikefolder.com 
  --hostname-strict=true 
  --hostname-strict-backchannel=true 
  --features=declarative-user-profile

The Dockerfile looks like this:

FROM quay.io/keycloak/keycloak:20.0.1 as builder
COPY example-keycloak-2fa-sms-authenticator-1.0-SNAPSHOT.jar /opt/keycloak/providers/
COPY build_keycloak/src/main/resources/theme/keycloak /opt/keycloak/themes/bikefolder

# Enable health and metrics support
ENV KC_HEALTH_ENABLED=true
ENV KC_METRICS_ENABLED=true

WORKDIR /opt/keycloak
RUN /opt/keycloak/bin/kc.sh build

FROM quay.io/keycloak/keycloak:20.0.1
COPY --from=builder /opt/keycloak/ /opt/keycloak/
ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]

Keycloak is running on an instance in AWS behind an Nginx proxy looking like this:

server
    {
      listen 80;
      listen [::]:80;
      root /varwww/html;
      index index.html index.htm index.nginx-debian.html;
      server_name auth.staging.bikefolder.com;

      location /
        {
          proxy_pass http://localhost:8080/;
          proxy_set_header    Host               $host;
          proxy_set_header    X-Real-IP          $remote_addr;
          proxy_set_header    X-Forwarded-For    $proxy_add_x_forwarded_for;
          proxy_set_header    Cookie             $http_cookie;
          proxy_set_header    X-Forwarded-Proto  $scheme;
        }
    }

Does anyone see an obvious wrong here?