diff --git a/hosts/containers/keycloak/default.nix b/hosts/containers/keycloak/default.nix
index 8a1958af..ead48de2 100644
--- a/hosts/containers/keycloak/default.nix
+++ b/hosts/containers/keycloak/default.nix
@@ -29,11 +29,11 @@ in
       forceSSL = true;
       enableACME = true;
       locations."/" = {
-        proxyPass = "https://127.0.0.1:8443";
+        proxyPass = "http://127.0.0.1:8080";
         # proxyWebsockets = true;
       };
       locations."/auth" = {
-        proxyPass = "https://127.0.0.1:8443/auth";
+        proxyPass = "http://127.0.0.1:8080/auth";
         # proxyWebsockets = true;
       };
     };
@@ -48,6 +48,8 @@ in
     inherit (pkgs.keycloak-secrets) initialAdminPassword;
     frontendUrl = "https://${frontendDomain}/auth";
     forceBackendUrlToFrontendUrl = true;
+    httpPort = "8080";
+    bindAddress = "127.0.0.1";
     # sslCertificate = "/var/lib/acme/${frontendDomain}/fullchain.pem";
     # sslCertificateKey = "/var/lib/acme/${frontendDomain}/key.pem";
     database.passwordFile = builtins.toFile "db_password" dbPassword;