Recently I've upgraded keycloak from 17.0.0-legacy to 18.0.0. Our server is reverse-proxied by Caddy, and all our services are hosted on the non-standard https port 8443 extenally, whereas keycloak is hosted in the internal network at port 8080. When I'm trying to access the admin console from the welcome page, the link gives me a url without the port 8443, which is https://my.url.com/admin.

If I try to access the admin console with direct url, I get security error hosting the iframe since my page is hosted on port 8443 while the iframe url drops the port. When I looked into the html file returned from the console endpoint, I see something like this.

<script id="environment" type="application/json">
    {
      "loginRealm": "master",
      "authServerUrl": "https://my.url.com:8443",
      "authUrl": "https://my.url.com", /* port is missing here */
      "consoleBaseUrl": "/admin/master/console/",
      "resourceUrl": "/resources/jf2aa/admin/keycloak.v2",
      "masterRealm": "master",
      "resourceVersion": "jf2aa",
      "commitHash": "###",
      "isRunningAsTheme": true
    }
  </script>

I tried to walkthrough the Keycloak source code to find out where does this authUrl come from, but I got some difficulties since I haven't touched Java for years. I've also visited a lot of Github issues and forum posts closed to this issue but it didn't work out. It would be great if someone could offer some advice on resolving this issue. Thanks in advance!

For the record, here is the block for keycloak in the Caddyfile:

my.url.com:8443 {
  reverse_proxy http://caddy-keycloak:8080
}

Heres the document mentioning the default behaviour of Caddy adding headers for reverse proxies: Link.

It adds or augments the X-Forwarded-For header field.
It sets the X-Forwarded-Proto header field.
It sets the X-Forwarded-Host header field.

And here is the environment variables I used in docker-compose.yml

environment:
    - KEYCLOAK_ADMIN=$KEYCLOAK_USER
    - KEYCLOAK_ADMIN_PASSWORD=$KEYCLOAK_PASSWORD
    - KC_HOSTNAME_STRICT=false
    - KC_PROXY=edge
    - HTTP_ADDRESS_FORWARDING=true
    - KC_DB=postgres
    - KC_DB_URL=jdbc:postgresql://keycloak-db:5432/keycloak
    - KC_DB_PASSWORD=$KEYCLOAK_DB_PASSWORD
    - KC_HOSTNAME=my.url.com:8443
    - KC_HTTP_ENABLED=true
    - KC_HOSTNAME_STRICT_HTTPS=false
    - KC_SPI_HOSTNAME_DEFAULT_ADMIN=my.url.com:8443