Keycloak custom hostname configuration

i have created the keycloak docker runs behind the traefik with a domain associated. With something like this:

traefik.http.routers.keycloak.rule: Host("keycloak.${DOMAINNAME}")
traefik.http.routers.keycloak.entrypoints: web, websecure
traefik.http.routers.keycloak.tls: true
traefik.http.routers.keycloak.tls.certresolver: production

And everything is working fine. But i want to use the hostname feature of keycloak realm, as mentioned in this document keycloak-community/hostname-default-provider.md at main · keycloak/keycloak-community · GitHub
im trying to do something like this with traefik:

It is not possible to override the context-path. It may be useful to be able to host Keycloak publicly through a reverse proxy on for example `https://auth.mycompany.com` which would be mapped to `https://keycloak.mycompany.local/auth/realms/myrealm` .

I tried to define a new router with middleware to handle the redirect,

http:
  routers:
    newDomain:
      rule: "Host(`login.newdoamin.com`)"
      middlewares: testMid
      tls:
        certResolver: production
  middlewares:
    testMid:
      redirectregex:
        regex: ^https:\\\\login\.newdoamin\.com\/?$$
        replacement: https://keycloak.${DOMAINNAME}/auth/realms/myrealm/"

but as mentioned in the documentation, it must be associated with a service, i cannot even see these newly configured router and middleware in dashboard.

Then i tried to add these label inside the keyloak service:

traefik.http.routers.keycloak.rule: Host("keycloak.${DOMAINNAME}", "login.newdomain.com")
      traefik.http.routers.keycloak.entrypoints: web, websecure
      traefik.http.routers.keycloak.tls: true
      traefik.http.routers.keycloak.tls.certresolver: production

      traefik.http.routers.keycloak.middlewares: testMid

      traefik.http.middlewares.testMid.redirectregex.regex: ^https:\\\\login\.newdomain\.com\/?$$
      traefik.http.middlewares.testMid.redirectregex.replacement: https://keycloak.${DOMAINNAME}/auth/realms/myrealm/"

but the ssl cannot be generated, for the new domain.

any ideas?