diff --git a/modules/keycloak.nix b/modules/keycloak.nix
index 2bc7e48..1127aac 100644
--- a/modules/keycloak.nix
+++ b/modules/keycloak.nix
@@ -12,7 +12,7 @@ with lib;
 settings = {
 hostname = dn;
 http-port = 8787;
- https-port = 8788;
+ # https-port = 8788;
 http-enabled = true;
 hostname-strict-https = false;
 proxy-headers = "forwarded";
@@ -20,12 +20,19 @@ with lib;
 };
 database.passwordFile = "/keycloakbd";
 };
+
 nginx.virtualHosts.${dn} = {
 forceSSL = true;
 enableACME = true;
 locations = {
 "/" = {
 proxyPass = "http://localhost:${toString config.services.keycloak.settings.http-port}";
+ extraConfig = ''
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ '';
 };
 };
 };
diff --git a/system/shen/configuration.nix b/system/shen/configuration.nix
index d02caec..04488b9 100644
--- a/system/shen/configuration.nix
+++ b/system/shen/configuration.nix
@@ -131,6 +131,7 @@ in
 recommendedProxySettings = true;
 recommendedGzipSettings = true;
 recommendedOptimisation = true;
+
 virtualHosts."tfcconnection.org" = {
 forceSSL = true;
 enableACME = true;
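Review bot: In the first hunk of modules/keycloak.nix, with `https-port` commented out and `http-enabled = true`, Keycloak serves only plain HTTP on 8787, and no visible line restricts the address it binds to. Keycloak listens on all interfaces by default, so unless the firewall closes 8787 the service may be reachable directly, without TLS and without passing through nginx. Because `proxy-headers` is set, it would then also accept forwarding headers from any peer that connects. Consider adding `http-host = "127.0.0.1";` to `settings` so that only the local nginx can reach it. The `settings` block starts and ends outside the hunk, so a bind address set elsewhere in it would not be visible here.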
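Review bot: In the second hunk of modules/keycloak.nix, the `X-Forwarded-*` headers added in `extraConfig` do not match `proxy-headers = "forwarded";` in the settings block above, which makes Keycloak read the RFC 7239 `Forwarded` header instead. nginx does not generate `Forwarded` and passes a client-supplied one through unchanged, so Keycloak may take the client address and scheme from a value the client controls. Either switch the setting to `proxy-headers = "xforwarded";` or have this location overwrite `Forwarded` explicitly. If this module is used on a host with `recommendedProxySettings = true` (as system/shen/configuration.nix has), these four headers are probably already set for `proxyPass` locations, so the block may be redundant there.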