Keycloak behind reverse proxy
To have the Keycloak login form use https I needed to add proxy-address-forwarding="true"
to the undertow http-listener.
The reverse proxy also has to be configured to send the X-Forwarded-For
and X-Forwarded-Proto
headers.
<http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true" proxy-address-forwarding="true"/>
See Setting Up a Load Balancer or Proxy for details.