diff --git a/docker-compose-keycloak-firstrun.yml b/docker-compose-keycloak-firstrun.yml
index 8e1766bf000b1ac06624c3d6493ba730c01f7fd1..2e777fb621010242b3e884ef410f1463cd48d98f 100644
--- a/docker-compose-keycloak-firstrun.yml
+++ b/docker-compose-keycloak-firstrun.yml
@@ -10,7 +10,7 @@ services:
   keycloak-firstrun:
     image: adorsys/keycloak-config-cli:latest
     environment:
-      - KEYCLOAK_URL=http://keycloak:8080/
+      - KEYCLOAK_URL=http://keycloak:8080/keycloak
       - KEYCLOAK_USER=tempadmin
       - KEYCLOAK_PASSWORD=tempadmin
       - KEYCLOAK_AVAILABILITYCHECK_ENABLED=true
@@ -30,7 +30,7 @@ services:
   keycloak-secondrun:
     image: adorsys/keycloak-config-cli:latest
     environment:
-      - KEYCLOAK_URL=http://keycloak:8080/
+      - KEYCLOAK_URL=http://keycloak:8080/keycloak
       - KEYCLOAK_USER=tempadmin
       - KEYCLOAK_PASSWORD=tempadmin
       - KEYCLOAK_AVAILABILITYCHECK_ENABLED=true
@@ -53,7 +53,7 @@ services:
   keycloak-thirdrun:
     image: adorsys/keycloak-config-cli:latest
     environment:
-      - KEYCLOAK_URL=http://keycloak:8080/
+      - KEYCLOAK_URL=http://keycloak:8080/keycloak
       - KEYCLOAK_USER=${keycloak_admin}
       - KEYCLOAK_PASSWORD=${keycloak_password}
       - KEYCLOAK_AVAILABILITYCHECK_ENABLED=true
diff --git a/docker-compose-keycloak.yml b/docker-compose-keycloak.yml
index 44f6b5d0d634c0b4fae53292917908b4212f1c79..1f4f557f1d3029502b88a4d5f3d971141f1fe7d1 100644
--- a/docker-compose-keycloak.yml
+++ b/docker-compose-keycloak.yml
@@ -15,11 +15,11 @@ services:
             - ./keycloak-data:/var/lib/postgresql/data
         networks:
             - keycloak-net
+        restart: always
+        
     keycloak:
         image: keycloak/keycloak
         command: start        
-        ports:
-            - "8080:8080"
         links:
             - keycloakdb
         depends_on:
@@ -35,12 +35,16 @@ services:
             - KC_DB_PASSWORD=postgres
             - KC_DB=postgres
             - KC_DB_URL=jdbc:postgresql://keycloakdb/keycloak
-            - KC_HOSTNAME=localhost
+            - KC_HOSTNAME=${leafwriter_domain}/keycloak
             - KC_HOSTNAME_PORT=8080
             - KC_HOSTNAME_STRICT_BACKCHANNEL=false
+            - KC_HOSTNAME_STRICT=false
+            - KC_PROXY_HEADERS=xforwarded
+            - KC_HTTP_RELATIVE_PATH=/keycloak
             - KC_HTTP_ENABLED=true
             - KC_HOSTNAME_STRICT_HTTPS=false
             - KC_HEALTH_ENABLED=true
+        restart: always
 
 networks:
     keycloak-net:
\ No newline at end of file
diff --git a/nginx_docker_internal_proxy/nginx_internal_forwarding.conf b/nginx_docker_internal_proxy/nginx_internal_forwarding.conf
new file mode 100644
index 0000000000000000000000000000000000000000..0626d8970ee7acbf8698f4a4d9f17d64959b5548
--- /dev/null
+++ b/nginx_docker_internal_proxy/nginx_internal_forwarding.conf
@@ -0,0 +1,25 @@
+server {
+
+        server_name localhost;
+	listen 3000;
+	listen [::]:3000;
+
+
+        location /keycloak {
+                proxy_pass http://keycloak:8080;
+                proxy_pass_request_headers      on;                     
+        }
+
+        location /auth-api {
+                rewrite /auth-api/(.*) /$1  break;
+                proxy_pass http://auth-api:3000;
+                proxy_pass_request_headers      on;
+        }
+
+        location / {
+                proxy_pass http://leafwriter:3000;
+                proxy_pass_request_headers      on;
+        }
+
+}
+