server{
    server_name keycloak.domain.com;

    listen 443 ssl http2;
    ssl_certificate /path/ssl/certificate.cert;
    ssl_certificate_key /path/ssl/certificate.key;

    access_log /var/log/nginx/keycloak.domain.com;

    client_max_body_size 100m;
    add_header 'Content-Security-Policy' 'upgrade-insecure-requests';

    location / {
        proxy_pass http://127.0.0.1:8080;

        proxy_buffer_size          128k;
        proxy_buffers              4 256k;
        proxy_busy_buffers_size    256k;

        proxy_redirect              off;

        proxy_set_header        Host             $host;
        proxy_set_header        X-Real-IP        $remote_addr;
        proxy_set_header        X-Forwarded-For  $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Port    $server_port;
        proxy_set_header        X-Forwarded-Proto   $scheme;
    }
}

server {
    server_name keycloak.domain.com;
    listen 80; listen [::]:80;


    if ($host = keycloak.domain.com) {
        return 301 https://$host$request_uri;
    }

    return 404;
}