Nginx reverse proxy -login auth not OK

I have nginx set up as a reverse proxy and it works I can log in and I have set

<http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true" proxy-address-forwarding="true" />

however authentication fails in keycloak I have set ssl true for external requests.
so the server looks OK is accesible via Nginx proxy via fqdn>
Any thoughts ?

server_tokens off;

upstream keycloak { ip_hash; server; }

    listen 443 ssl http2; # managed by Certbot
       ssl_certificate /etc/letsencrypt/live/; # managed by Certbot
       ssl_certificate_key /etc/letsencrypt/live/; # managed by Certbot
       include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
       ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    location /auth
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        add_header Access-Control-Allow-Origin *;

    listen 80;
    location / { return 301 https://$server_name; }

the name for the upstream is the same as the proxy_pass parameter

upstream keycloak { } …

proxy_pass; => proxy_pass http://keycloak;