diff --git a/services/backend/services/keycloak/.compose.https.yaml b/services/backend/services/keycloak/.compose.https.yaml
new file mode 120000
index 00000000..8aa7b1cc
--- /dev/null
+++ b/services/backend/services/keycloak/.compose.https.yaml
@@ -0,0 +1 @@
+../../../.empty.yaml
\ No newline at end of file
diff --git a/services/backend/services/keycloak/compose.base.yaml b/services/backend/services/keycloak/compose.base.yaml
new file mode 100644
index 00000000..bb12449a
--- /dev/null
+++ b/services/backend/services/keycloak/compose.base.yaml
@@ -0,0 +1,16 @@
+services:
+  keycloak:
+    image: quay.io/keycloak/keycloak:25.0
+    command: start-dev --import-realm --http-port=80
+    env_file: ./config/.env
+    volumes:
+      - ./healthcheck/healthcheck.sh:/healthcheck.sh
+      - ./config/facility-realm.json:/opt/keycloak/data/import/facility-realm.json:ro
+    labels:
+      - traefik.http.services.keycloak.loadbalancer.server.port=80
+    healthcheck:
+      test: bash /healthcheck.sh
+      start_period: 5s
+      interval: 30s
+      timeout: 10s
+      retries: 5
diff --git a/services/backend/services/keycloak/compose.https.yaml b/services/backend/services/keycloak/compose.https.yaml
new file mode 100644
index 00000000..188b35aa
--- /dev/null
+++ b/services/backend/services/keycloak/compose.https.yaml
@@ -0,0 +1,6 @@
+services:
+  keycloak:
+    env_file:
+      - ./config/.https.env
+    labels:
+      - traefik.http.services.keycloak.loadbalancer.passhostheader=true
diff --git a/services/backend/services/keycloak/compose.yaml b/services/backend/services/keycloak/compose.yaml
index bb12449a..16f8ad7a 100644
--- a/services/backend/services/keycloak/compose.yaml
+++ b/services/backend/services/keycloak/compose.yaml
@@ -1,16 +1,4 @@
-services:
-  keycloak:
-    image: quay.io/keycloak/keycloak:25.0
-    command: start-dev --import-realm --http-port=80
-    env_file: ./config/.env
-    volumes:
-      - ./healthcheck/healthcheck.sh:/healthcheck.sh
-      - ./config/facility-realm.json:/opt/keycloak/data/import/facility-realm.json:ro
-    labels:
-      - traefik.http.services.keycloak.loadbalancer.server.port=80
-    healthcheck:
-      test: bash /healthcheck.sh
-      start_period: 5s
-      interval: 30s
-      timeout: 10s
-      retries: 5
+include:
+  - path:
+      - compose.base.yaml
+      - .${KEYCLOAK_HTTPS_URL:+/}compose.https.yaml
diff --git a/services/backend/services/keycloak/config/.https.env b/services/backend/services/keycloak/config/.https.env
new file mode 100644
index 00000000..51c34ca5
--- /dev/null
+++ b/services/backend/services/keycloak/config/.https.env
@@ -0,0 +1,2 @@
+KC_PROXY_HEADERS=xforwarded
+PROXY_ADDRESS_FORWARDING=true