Hiya


We've been running v1.9.2 behind a nginx proxy for some time now. Has the setup for running Keycloak v2.0.0-Final behind a proxy changed? ... We've kept the amended lines, but Keycloak is returns content in non-https appearing to ignore the X-Forwarded-Proto


<http-listener name="default" socket-binding="http" proxy-address-forwarding="true" redirect-socket="proxy-https"/>
...

<socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>

<socket-binding name="http" port="${jboss.http.port:8080}"/>

<socket-binding name="https" port="${jboss.https.port:8443}"/>

<socket-binding name="proxy-https" port="443"/> <---

...


But looking at the urls handed back, they are all http://


Doing a tcpdump dump between proxy and keycloak, I can see the X-Forwarded headers added by the proxy

GET /auth/admin/master/console/ HTTP/1.0
X-Real-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Forwarded-Proto: https
Host: 127.0.0.1
Connection: close
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8
Accept-Encoding: gzip, deflate, sdch, br
Accept-Language: en-US,en;q=0.8