Currently with version 8.0.0 it is only possible to achieve with basic configuration
Even though you hide and rewrite path(s) behind a reverse proxy, one needs to rewrite response body (ui, oidc json body etc.) , headers (redirects), cookie paths and so on.
Even after achieving rewriting all paths it is not possible to change the issuer information inside a JWT token, which will always have the path /realms/<realm> attached to the end of it.
1 - realms/<realm> path instantly suggests that the system is using keycloak.
a - It is unlikely but this may be a vulnerability for a system which using a keycloak, if it is known from outside world that a system uses keycloak, and if keycloak has a known vulnerability.
b - Sharing tech stack with outside works for a system is not preferred generally.
2 - Shorter/ fully customizable URLs can be provided and with custom themes on the UI the product is fully customizable for consumers.
1 - There is already a configuration in the realm settings to set front-end URL, with a checkbox one can configure if this URL should override the entire realm/issuer URL.
2 - If the checkbox not selected (default) the system behaves as it is behaving now.
3 - If the checkbox is selected then system overrides all URLs of the realm with the provided realm URL including back-end URLs.
4 - Keycloak server can identify a realm for incomming requests with the unique Frontend URL or domain.
As an alternative
1 - In realm settings there might be a field to set custom unique realm path.