Using Keycloak behind a reverse proxy: Could not open Admin login page because of mixed content

This sounds somehow like a duplicate of Keycloak Docker behind loadbalancer with https fails

Set the request headers X-Forwarded-For and X-Forwarded-Proto in nginx. Then you have to configure Keycloak (Wildfly, Undertow) to work together with the SSL terminating reverse proxy (aka load balancer). See http://www.keycloak.org/docs/latest/server_installation/index.html#_setting-up-a-load-balancer-or-proxy for a detailed description.

The point is that nginx is terminating SSL and is forwarding the requests to Keycloak as pure http. Therefore Keycloak/Wildfly must be told that the incoming http requests from nginx must be handled like they were https.


Add the X-Forwarded-For and X-Forwarded-Proto headers (as Boomer said) in all upstream load balancers and make sure those reach the Keycloak server. X-Forwarded-For should be the domain of your Keycloak which routes to the LB and X-Forwarded-Proto should be the protocol (in most cases https).

As a final step you need to modify the standalone.xml or standalone-ha.xml file and add the proxy-address-forwarding="true" attribute to the <http-listener> element under <server>.

If you are using Docker, you can use the PROXY_ADDRESS_FORWARDING environment variable from the original Keycloak container to set this attribute.


To elaborate on the reply from @MattBianco: in modern Keycloak variables you need to set KEYCLOAK_FRONTEND_URL to https:///auth. Using Docker, you can set this as an environment variable, e.g. KEYCLOAK_FRONTEND_URL=https://auth.foo.com/auth
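
The nginx side of the setup described in the answers above, as an added example that is not part of any of the answers or of the Keycloak documentation. The hostname auth.foo.com is taken from the last answer; the backend address and certificate paths are assumptions.

```nginx
# Constructed example: auth.foo.com is the hostname used on this page; the
# backend address and certificate paths are placeholders.

server {
    listen 80;
    server_name auth.foo.com;
    # Send plain-HTTP clients to HTTPS so no page is ever served over http.
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name auth.foo.com;

    ssl_certificate     /etc/nginx/tls/auth.foo.com.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/tls/auth.foo.com.key;   # placeholder path

    location / {
        # TLS ends here; Keycloak receives plain HTTP on a private address.
        proxy_pass http://127.0.0.1:8080;                  # assumed backend

        # Preserve the public hostname so generated links use it.
        proxy_set_header Host $host;

        # Overwrite (not pass through) whatever the client sent: with
        # proxy-address-forwarding="true" Keycloak trusts these values.
        proxy_set_header X-Forwarded-Proto $scheme;

        # On the edge proxy, $remote_addr replaces any client-supplied
        # X-Forwarded-For. Behind another trusted balancer, use
        # $proxy_add_x_forwarded_for to append to its value instead.
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}

# Keycloak side, as described in the answers above:
#   standalone.xml / standalone-ha.xml: proxy-address-forwarding="true"
#     on the <http-listener> element, or
#   Docker: PROXY_ADDRESS_FORWARDING=true
#   Optionally: KEYCLOAK_FRONTEND_URL=https://auth.foo.com/auth
```

Once proxy address forwarding is enabled, Keycloak accepts the X-Forwarded-* headers from whoever connects to it, so its HTTP port should be reachable only from the proxy.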