Proxy Setup - Well Known config urls

Hi, I’ve been attempting to setup a proxy in front of my dev version of keycloak that runs in a docker container on Windows, I set the env var on setup of the container in preparation:


And I’ve been into the admin area to set the front end url for the specific realm, eg:


And cleared all the cache for the realm but when I check the well-known config file, some of the URLs still include the localhost:8080 domain:

  "issuer": "",
  "authorization_endpoint": "",
  "token_endpoint": "http://localhost:8080/auth/realms/testing/protocol/openid-connect/token",
  "introspection_endpoint": "http://localhost:8080/auth/realms/testing/protocol/openid-connect/token/introspect",
  "userinfo_endpoint": "http://localhost:8080/auth/realms/testing/protocol/openid-connect/userinfo",
  "end_session_endpoint": "",
  "jwks_uri": "http://localhost:8080/auth/realms/testing/protocol/openid-connect/certs",
  "check_session_iframe": "",
  "grant_types_supported": [....

Am I missing something, I would have thought my changes would have been used for all urls above (and the other 2 further down in the well-known config).


Ok I’ve figured it out, I had to edit the standalone-ha.xml file on the container to set the value for forceBackendUrlToFrontendUrl to be true, I saw this bit in the docs which led to some searching and then finding that the docker container uses the standalone-ha.xml by default:

My next task is to figure out how I can run the proxy from something like which internally points directly to the realm in question, a bit like is described here:

I’m finding the docs exhaustive but a little tough to penetrate solving particular issues but nevertheless things are impressive so far on the whole.