I’d like to do the same, but atm I use nginx to serve all the web interfaces… And keycloak support is either a plus subscription feature or made to work with hacky Lua scripts.

So for now it’s security through obscurity, I got a wildcard cert and the pages are accessed based on subdomain. So afaik nobody has a clue unless they start iterating common subdomain names. (At some point™️ I’m adding proper auth though)