Yes. I’ve set up an HTTPS reverse proxy in Apache as usual with and added the required header:


RequestHeader set X-Forwarded-Proto "https" env=HTTPS


Then I edited /usr/local/keycloak/standalone/configuration/standalone.xml according to these instructions.


From what I’ve seen there’s no difference in the responses between:


a) Configuring reverse proxy in Apache only

b) Configuring reverse proxy in Apache AND editing standalone.xml


In both cases the hostname is properly resolved, but not the protocol part.





P.S.: The documentation shows a configuration for an old release (1.1) of the undertow subsystem. Current is 3.0, which is also part of the Keycloak distro. Is the configuration identical for both versions?



From: [] On Behalf Of Stian Thorgersen
Sent: Friday, February 26, 2016 1:36 PM
To: Matthias Müller
Cc: keycloak-user
Subject: Re: [keycloak-user] Keycloak 1.9 behind Apache2 reverse proxy not working properly


Did you follow documentation at


On 26 February 2016 at 12:53, Matthias Müller <> wrote:

Does anyone have experience with Keycloak 1.9 in an Apache2 reverse
proxy configuration?

In my test setup I am running Keycloak as a standalone service on port
8080. It is proxied behind an Apache HTTP Server that manages the SSL
communication and forwards requests to localhost:8080. The Apache side
of the proxy is working. However, the administration console web page
(auth/admin/master/console/) still contains plain http://... links
(should be: https://) to the JS components which, of course, is invalid.
Obviously the Keycloak service does not see (or ignores) the X-Forwarded

Am I missing something here?


keycloak-user mailing list