
Very weird situation where I can start the Keycloak production Docker server container (following Keycloak’s "Running Keycloak in a container" guide) by using docker run ... start --optimized, and yet, using the exact same KC_DB_URL variable (it is built with the image made from the Dockerfile), I get the error: Datasource '<default>': Driver does not support the provided URL: jdbc:postgresql://pgkeydb/keycloak

How is this possible? I have trawled posts regarding setups and have tried setting the IP instead of the service name, but it defies logic that it works with the run command but not using the docker compose up -d command…

Below are the settings files that I am using. There are no errors other than being unable to connect to the database. I tried adding in the specific postgres driver as an ENV variable, no difference. Tried changing the names of the user/db etc.; again, no change.

Dockerfile (as per Keycloak guide plus ssl certs added)

FROM quay.io/keycloak/keycloak:25.0.1 as builder

VOLUME keycloak-data:/opt/keycloak/

ENV KC_HEALTH_ENABLED=true
ENV KC_METRICS_ENABLED=true

ENV KC_DB=postgres

WORKDIR /opt/keycloak
COPY --chown=1000:0 certs/fullchain.pem /opt/keycloak/fullchain.pem
COPY --chown=1000:0 certs/privkey.pem /opt/keycloak/privkey.pem

RUN /opt/keycloak/bin/kc.sh build

FROM quay.io/keycloak/keycloak:25.0.1
COPY --from=builder /opt/keycloak/ /opt/keycloak/

ENV KC_FEATURES=hostname:v2
ENV KC_DB_URL=jdbc:postgresql://pgkeydb/keycloak
ENV KC_DB_USERNAME=postgres
ENV KC_DB_PASSWORD=some_strong_password
ENV KC_HOSTNAME=keycloak.tld.com
ENV KC_HOSTNAME_PORT=58443
ENV KC_HTTPS_CERTIFICATE_FILE=/opt/keycloak/fullchain.pem
ENV KC_HTTPS_CERTIFICATE_KEY_FILE=/opt/keycloak/privkey.pem
ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]

Docker compose (cannot connect to database, which, yes, is running and connects fine using docker run):

services:
  keycloak:
    build: .
    container_name: service-keycloak
    command: start --optimized
    restart: always
    env_file: "keycloak.env"
    depends_on:
      - pgkeydb
    ports:
      - 58080:8080
      - 58443:8443
      - 59000:9000
    volumes:
      - keycloak-data:/opt/keycloak
    networks:
      - keycloak-network
  pgkeydb:
    image: postgres:16
    container_name: keycloak-postgres
    restart: always
    env_file: "pgres.env"
    volumes:
      - pgkeydb-data:/var/lib/postgresql/data
    networks:
      - keycloak-network
volumes:
  keycloak-data:
  pgkeydb-data:
networks:
  keycloak-network:
    name: keycloak-network

Docker run connects, runs fine:

docker run -d --name service-keycloak --net keycloak-network -p 58080:8080 -p 58443:8443 -p 59000:9000 -e KEYCLOAK_ADMIN=keyadmin -e KEYCLOAK_ADMIN_PASSWORD=some_strong_password -v keycloak-data service-keycloak start --optimized --verbose

Keycloak.env file

KEYCLOAK_ADMIN_USER: admin_user
KEYCLOAK_ADMIN_PASSWORD: some_strong_password
KEYCLOAK_FRONTEND_URL="https://keycloak.tld.com"

Have tried:

  • Numerous combinations of the jdbc connection string, including the ip of the database service
  • ENV that are in the Dockerfile also placed in the Keycloak.env file

Process tried:

  • Running docker build . -t service-keycloak

  • Referencing the build image as image: service-keycloak

  • Then docker compose up -d (builds/uses the correct image but hits the db error)

  • Using build: . in docker-compose file, to build and run the service from docker compose up -d

  • Builds fine postgres starts etc but again, db error

  • The only way I have been able to see the container connect to postgres is when using the docker run... command (on the exact same built image with SAME ENV vars!)

Anyone have any ideas? I seem to remember reading while looking at other issues something about --optimized forcing the use of H2 database but I could not find that article again and I could not find anything referencing H2 in log or docker inspect so not sure if that is the issue and if so how to fix it…

2 Answers


  1. Chosen as BEST ANSWER

    Resolved now! I forgot to do the most important step and BUILD the optimized image first! Below is what I needed to do.

    Build the Dockerfile image first:

    docker build . -t keycloak:23.0.1
    

    Then swap build: . with image: keycloak:23.0.1 in my docker-compose.yml

    Then it would use the optimized image created from docker build...


  2. I’ve been trying to run Keycloak in production mode for two days now and I still can’t. Could you provide me with the files and the steps to do so? Thanks!
