[keycloak-user] Internet facing Keycloak, security best practices ?

[Mathieu Poussin]

Hello.

Is there any king of best practices on how to deploy and secure an internet facing Keycloak instance ?

So far I've been doing some filtering on my reverse proxy :

- Limit /auth/admin to trusted IP
- Block = /auth (The default auth page)

But I suppose there are maby other things that can be done ?
I could not find any official documentation.

Thanks.