Add support for the use of a reverse proxy.

defaults/main.yml

@@ -27,3 +27,5 @@ keycloak_database_max_pool_size: '50'
 
 keycloak_admin_user: kadmin
 #keycloak_admin_password: 'define it into a vault file'
+
+keycloak_behind_reverse_proxy: True

templates/standalone.xml.j2

@@ -505,7 +505,7 @@
         <subsystem xmlns="urn:jboss:domain:undertow:10.0" default-server="default-server" default-virtual-host="default-host" default-servlet-container="default" default-security-domain="other" statistics-enabled="${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}}">
             <buffer-cache name="default"/>
             <server name="default-server">
-                <http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
+                <http-listener name="default" socket-binding="http" enable-http2="true" {% if keycloak_behind_reverse_proxy %} redirect-socket="proxy-https" proxy-address-forwarding="true"{% endif %}/>
                 <https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>
                 <host name="default-host" alias="localhost">
                     <location name="/" handler="welcome-content"/>
@@ -611,6 +611,9 @@
         <socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
         <socket-binding name="http" port="${jboss.http.port:8080}"/>
         <socket-binding name="https" port="${jboss.https.port:8443}"/>
+        {% if keycloak_behind_reverse_proxy %}
+        <socket-binding name="proxy-https" port="443"/>
+        {% endif %}
         <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
         <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>
         <socket-binding name="txn-recovery-environment" port="4712"/>