http2 is ok
do not deny x-frames!
see https://pub.nethence.com/system/ansible/playbooks/nginx/
and precisely
https://pub.nethence.com/system/ansible/playbooks/nginx/templates/nginx.kc.conf
https://pub.nethence.com/system/ansible/playbooks/nginx/files/kc.kc.conf
http://keycloak.org/server/reverseproxy
https://github.com/ahmedbaberkhan/keycloak-with-nginx-over-https ==> nginx sample configuration