{{ ansible_managed | comment }}

{{ keycloak_domains | join(', ') }} {
    encode gzip

    header {
        # enable HSTS
        Strict-Transport-Security "max-age=31536000; preload;"

        # disable clients from sniffing the media type
        X-Content-Type-Options nosniff

        # keep referrer data off of HTTP connections
        Referrer-Policy no-referrer-when-downgrade

        # Server name removing
        -Server
    }

    reverse_proxy keycloak:8080
}