notes
- Encrypted GlusterFS storage cluster
- arch-linux
  - Compiz on Arch Linux
- elastic
  - Quick local Elasticsearch and Kibana
- ffmpeg
  - Video from PNGs with color background
- git
  - Git Bash prompt and autocomplete
- keycloak
  - Keycloak behind reverse proxy
  - Serving Keycloak from /
- openldap
  - Modify LDAP user password
  - OpenLDAP with Let's Encrypt
- python
  - uninstall-all-user-packages.md
- ssh
  - SSH and SSHFS over Unix Sockets
- ssl
  - Quick SSL notes
- systemd
  - Python output in journal
  - Systemd user service for ssh-agent
- xorg
  - Fix for Ryzen Renoir graphics
  - Modern touchpad configuration
projects
- Markdown Links
- MarkdownUp
  - Git post-receive hook
  - systemd service
- repstat
  - RepStat Android App Privacy Policy

Keycloak behind reverse proxy

To have the Keycloak login form use https I needed to add proxy-address-forwarding="true" to the undertow http-listener. The reverse proxy also has to be configured to send the X-Forwarded-For and X-Forwarded-Proto headers.

<http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true" proxy-address-forwarding="true"/>

See Setting Up a Load Balancer or Proxy for details.