I was reading through this 3 year old blog, that has been referenced multiple times by elasticsearch employees in these forums, and I was hoping to ask you a question.
While playing around with this setup for an elastic cloud deployment, I was able to follow along and get the reverse proxy working with basic auth. However, for more complicated authentication mechanisms like SAML I noticed a bit of a drawback; if the SAML configurations redirects for the '/callback' are pointing to the original instance domain name, it redirects off the custom reverse proxy domain. Of course, with SAML or OAuth/OIDC you can control the redirect uris for third parties like azuread. However, "login with Elastic Cloud" is an uncontrolled login method, meaning I cannot change the redirect uris.
So, my question is this, am I missing something here? are you able to alter those redirect uris for SAML with Elastic Cloud Login, or is there a trick in the reverse proxy for getting around this?