upstream keycloak {
    server keycloak:8080;
}

server {
    server_name auth.localhost;
    listen 80;

    # deny access to home page
    # exposed path recommendations https://www.keycloak.org/server/reverseproxy#_exposed_path_recommendations
    location = / {
        deny all;
        return 404;
    }

    location / {
        proxy_buffering off;
        proxy_buffer_size          128k;
        proxy_buffers            4 256k;

        proxy_pass http://keycloak;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}