In order to return the correct endpoints in the discovery document when running Keycloak behind a reverse proxy, the docs state that you have to make sure that the reverse proxy is preserving the original Host header.
“Configure your reverse proxy or loadbalancer to preserve the original ‘Host’ HTTP header.” from Server Installation and Configuration Guide
This is not possible in every case. So instead, I would like to use the X-Forwarded-Host header (X-Forwarded-Host - HTTP | MDN). The documentation does not state that this is supported and I remember having tested this some time ago and it did not work. When I recently tested this with the official Keycloak 15.0.2 Docker image and PROXY_ADDRESS_FORWARDING=true, I realized that Keycloak is now respecting the X-Forwarded-Header and adjusts the endpoints in the discovery endpoint.
Has this feature been added recently and were the docs not updated? I couldn’t find anything on GitHub or in the Keycloak issue tracker.
Cheers
Marco