diff --git a/config/hosts/keycloak/keycloak.nix b/config/hosts/keycloak/keycloak.nix
index e8e38c3..2ae957b 100644
--- a/config/hosts/keycloak/keycloak.nix
+++ b/config/hosts/keycloak/keycloak.nix
@@ -5,7 +5,7 @@
     settings = {
       hostname = "https://id.nekover.se";
       hostname-admin = "https://keycloak-admin.nekover.se";
-      proxy-headers = "forwarded";
+      proxy-headers = "xforwarded";
       http-enabled = true;
       http-host = "127.0.0.1";
       http-port = 8080;
diff --git a/config/hosts/keycloak/nginx.nix b/config/hosts/keycloak/nginx.nix
index 0c83ea0..c82597d 100644
--- a/config/hosts/keycloak/nginx.nix
+++ b/config/hosts/keycloak/nginx.nix
@@ -41,6 +41,13 @@
           proxy_buffer_size 128k;
           proxy_buffers 8 128k;
 
+          proxy_set_header Host $host;
+          proxy_set_header X-Forwarded-Host $host;
+          proxy_set_header X-Real-IP $remote_addr;
+          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+          proxy_set_header X-Forwarded-Port 443;
+          # This is https in any case.
+          proxy_set_header X-Forwarded-Proto https;
           # Hide the X-Forwarded header.
           proxy_hide_header X-Forwarded;
           # Assume we are the only Reverse Proxy (well using Proxy Protocol, but that
@@ -96,6 +103,13 @@
           proxy_buffer_size 128k;
           proxy_buffers 8 128k;
 
+          proxy_set_header Host $host;
+          proxy_set_header X-Forwarded-Host $host;
+          proxy_set_header X-Real-IP $remote_addr;
+          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+          proxy_set_header X-Forwarded-Port 443;
+          # This is https in any case.
+          proxy_set_header X-Forwarded-Proto https;
           # Hide the X-Forwarded header.
           proxy_hide_header X-Forwarded;
           # Assume we are the only Reverse Proxy (well using Proxy Protocol, but that