For anyone having same/similar issues, I managed to solve my problem by using following arguments:
'--auto-build',
'--db=oracle',
'--http-port=8389',
'--http-enabled=true',
'--http-relative-path=/auth',
'--hostname-strict-https=false',
'--hostname-strict=false',
'--proxy=edge'
So, ignore --hostname, --hostname-admin, --hostname-path altogether. Then with existing configuration of frontendUrl per realm (from previous versions) it works how I want it to work - I can access some realms with internal IP, and some with external domain (described above).
My proxy is mapping my.domain.com/auth to /auth in keycloak.
Next time I’m probably not reading new documentation because it brought me a lot of confusion.