Very weird situation where I can start Keycloak production docker server container (following Keycloak’s "Running Keycloak in a container" guide) by using `docker run ... start --optimized` and yet, using the exact same `KC_DB_URL` variable (it is built with the image made from Dockerfile) I get the error `Datasource '<default>': Driver does not support the provided URL: jdbc:postgresql://pgkeydb/keycloak`
How is this possible? I have trawled posts in regards to setups and have tried setting the IP instead of the service name but it defies logic that it works with the `run` command but not using the `docker compose up -d` command…
Below are the settings files that I am using. There are no errors other than being unable to connect to the database. I tried adding in the specific postgres driver as an ENV variable, no difference. Tried changing the names of the user/db etc., again no change.
Dockerfile (as per Keycloak guide plus ssl certs added)
```
FROM quay.io/keycloak/keycloak:25.0.1 as builder
VOLUME keycloak-data:/opt/keycloak/
ENV KC_HEALTH_ENABLED=true
ENV KC_METRICS_ENABLED=true
ENV KC_DB=postgres
WORKDIR /opt/keycloak
COPY --chown=1000:0 certs/fullchain.pem /opt/keycloak/fullchain.pem
COPY --chown=1000:0 certs/privkey.pem /opt/keycloak/privkey.pem
RUN /opt/keycloak/bin/kc.sh build

FROM quay.io/keycloak/keycloak:25.0.1
COPY --from=builder /opt/keycloak/ /opt/keycloak/
ENV KC_FEATURES=hostname:v2
ENV KC_DB_URL=jdbc:postgresql://pgkeydb/keycloak
ENV KC_DB_USERNAME=postgres
ENV KC_DB_PASSWORD=some_strong_password
ENV KC_HOSTNAME=keycloak.tld.com
ENV KC_HOSTNAME_PORT=58443
ENV KC_HTTPS_CERTIFICATE_FILE=/opt/keycloak/fullchain.pem
ENV KC_HTTPS_CERTIFICATE_KEY_FILE=/opt/keycloak/privkey.pem
ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]
```
Docker compose (cannot connect to database, which, yes is running and connects fine using `docker run`):
```
services:
  keycloak:
    build: .
    container_name: service-keycloak
    command: start --optimized
    restart: always
    env_file: "keycloak.env"
    depends_on:
      - pgkeydb
    ports:
      - 58080:8080
      - 58443:8443
      - 59000:9000
    volumes:
      - keycloak-data:/opt/keycloak
    networks:
      - keycloak-network
  pgkeydb:
    image: postgres:16
    container_name: keycloak-postgres
    restart: always
    env_file: "pgres.env"
    volumes:
      - pgkeydb-data:/var/lib/postgresql/data
    networks:
      - keycloak-network
volumes:
  keycloak-data:
  pgkeydb-data:
networks:
  keycloak-network:
    name: keycloak-network
```
Docker run connects, runs fine:
```
docker run -d --name service-keycloak --net keycloak-network -p 58080:8080 -p 58443:8443 -p 59000:9000 -e KEYCLOAK_ADMIN=keyadmin -e KEYCLOAK_ADMIN_PASSWORD=some_strong_password -v keycloak-data service-keycloak start --optimized --verbose
```
Keycloak.env file
```
KEYCLOAK_ADMIN_USER: admin_user
KEYCLOAK_ADMIN_PASSWORD: some_strong_password
KEYCLOAK_FRONTEND_URL="https://keycloak.tld.com"
```
Have tried:
- Numerous combinations of the jdbc connection string, including the ip of the database service
- ENV that are in the Dockerfile also placed in the Keycloak.env file
Process tried:
- Running `docker build . -t service-keycloak`
- Referencing the build image as `image: service-keycloak`
- Then `docker compose up -d` (builds/uses the correct image but hits the db error)
- Using `build: .` in `docker-compose` file, to build and run the service from `docker compose up -d`
- Builds fine postgres starts etc but again, db error
- The only way I have been able to see the container connect to postgres is when using the `docker run...` command (on the exact same built image with SAME ENV vars!)
Anyone have any ideas? I seem to remember reading while looking at other issues something about `--optimized` forcing the use of H2 database but I could not find that article again and I could not find anything referencing H2 in log or `docker inspect` so not sure if that is the issue and if so how to fix it…
2 Answers
Resolved now! I forgot to do the most important step and BUILD the optimized image first! Below is what I needed to do.
Build the Dockerfile image first:
Then swap `build: .` with `image: keycloak:23.0.1` in my `docker-compose.yml`
Then it would use the optimized image created from `docker build...`
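An added example (not from the original posts and not Keycloak's own tooling): a small lint over a Dockerfile and compose file that flags conditions under which `start --optimized` would run without the build-time `KC_DB=postgres` setting, plus credentials baked into `ENV`. The sample files are constructed from the question's files, and the finding codes are made up for this sketch.

```python
import re

# Constructed sample inputs, shortened from the files in the question.
DOCKERFILE = """\
FROM quay.io/keycloak/keycloak:25.0.1 as builder
ENV KC_DB=postgres
RUN /opt/keycloak/bin/kc.sh build
FROM quay.io/keycloak/keycloak:25.0.1
COPY --from=builder /opt/keycloak/ /opt/keycloak/
ENV KC_DB_URL=jdbc:postgresql://pgkeydb/keycloak
ENV KC_DB_PASSWORD=some_strong_password
ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]
"""
COMPOSE = """\
services:
  keycloak:
    build: .
    command: start --optimized
    volumes:
      - keycloak-data:/opt/keycloak
"""

def lint(dockerfile: str, compose: str) -> list[str]:
    """Return finding codes (hypothetical names) for a Keycloak Dockerfile plus compose file."""
    findings = []
    optimized = "--optimized" in compose
    # KC_DB is a build option: it must be set before `kc.sh build` runs in the image.
    pos = dockerfile.find("kc.sh build")
    db_before_build = pos >= 0 and re.search(r"^ENV\s+KC_DB=\S+", dockerfile[:pos], re.M)
    if optimized and not db_before_build:
        findings.append("NO_DB_BUILD")  # --optimized with no persisted DB vendor
    # A volume on /opt/keycloak, once populated, overrides what a newer image built there.
    if optimized and re.search(r"^\s*-\s*[\"']?[^\s:]+:/opt/keycloak/?([:\"'\s]|$)", compose, re.M):
        findings.append("MOUNT_MASKS_BUILD")
    # ENV values are stored in image metadata and readable with `docker inspect`.
    for name in re.findall(r"^ENV\s+(\w*(?:PASSWORD|SECRET)\w*)=", dockerfile, re.M):
        findings.append(f"SECRET_IN_ENV:{name}")
    return findings

if __name__ == "__main__":
    for finding in lint(DOCKERFILE, COMPOSE):
        print(finding)
```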
I’ve been trying to run Keycloak in production mode for two days now and I still can’t. Could you provide me with the files and the steps to do so? Thanks!