I already have a v16 running in Azure. Now, I’m trying to run a Keycloak 19 in Azure WebApp (with Azure SQL Server), but the container always stop with timeout.
My dockerfile
FROM quay.io/keycloak/keycloak:latest as builder
ENV KC_HEALTH_ENABLED=true
ENV KC_METRICS_ENABLED=true
ENV KC_FEATURES=token-exchange
RUN curl -sL https://github.com/aerogear/keycloak-metrics-spi/releases/download/2.5.3/keycloak-metrics-spi-2.5.3.jar -o /opt/keycloak/providers/keycloak-metrics-spi-2.5.3.jar
RUN /opt/keycloak/bin/kc.sh
build
--db=mssql
--transaction-xa-enabled=false
FROM quay.io/keycloak/keycloak:latest
COPY --from=builder /opt/keycloak/ /opt/keycloak/
WORKDIR /opt/keycloak
RUN keytool -genkeypair -storepass password -storetype PKCS12 -keyalg RSA -keysize 2048 -dname "CN=server" -alias server -ext "SAN:c=DNS:localhost,IP:127.0.0.1" -keystore conf/server.keystore
ENV KC_DB=mssql
ENV KC_DB_URL=jdbc:sqlserver://<SERVER>:1433;databaseName=keycloak
ENV KC_DB_USERNAME=<USER>
ENV KC_DB_PASSWORD=<PASS>
ENV KC_HOSTNAME=localhost
EXPOSE 8443
ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start", "--optimized"]
I run locally normally, the problem only occurs in Azure
The container Log
2022-09-06T01:35:02.819Z INFO - Pulling image: marcem/keycloak:19.0.1
2022-09-06T01:35:04.669Z INFO - 19.0.1 Pulling from marcem/keycloak
2022-09-06T01:35:04.670Z INFO - Digest: sha256:41fe4fe72ecc4625032ef08b91fc3c64739b53482dd83a15d77c9e2b4f0f12e0
2022-09-06T01:35:04.671Z INFO - Status: Image is up to date for marcem/keycloak:19.0.1
2022-09-06T01:35:04.674Z INFO - Pull Image successful, Time taken: 0 Minutes and 1 Seconds
2022-09-06T01:35:04.686Z INFO - Starting container for site
2022-09-06T01:35:04.687Z INFO - docker run -d --expose=8443 --name idteste19_0_b2d18046 -e WEBSITES_ENABLE_APP_SERVICE_STORAGE=false -e WEBSITES_PORT=8443 -e WEBSITE_SITE_NAME=idteste19 -e WEBSITE_AUTH_ENABLED=False -e WEBSITE_ROLE_INSTANCE_ID=0 -e WEBSITE_HOSTNAME=idteste19.azurewebsites.net -e WEBSITE_INSTANCE_ID=d666afc5e23f437c473fe3731926e159eed3db588814c4ad67c48018d825c3c4 -e WEBSITE_USE_DIAGNOSTIC_SERVER=False marcem/keycloak:19.0.1
2022-09-06T01:35:04.687Z INFO - Logging is not enabled for this container.
Please use https://aka.ms/linux-diagnostics to enable logging to see container logs here.
2022-09-06T01:35:06.990Z INFO - Initiating warmup request to container idteste19_0_b2d18046 for site idteste19
2022-09-06T01:35:22.306Z INFO - Waiting for response to warmup request for container idteste19_0_b2d18046. Elapsed time = 15.3159746 sec
2022-09-06T01:35:38.239Z INFO - Waiting for response to warmup request for container idteste19_0_b2d18046. Elapsed time = 31.2483851 sec
2022-09-06T01:35:54.129Z INFO - Waiting for response to warmup request for container idteste19_0_b2d18046. Elapsed time = 47.1388503 sec
2022-09-06T01:36:09.300Z INFO - Waiting for response to warmup request for container idteste19_0_b2d18046. Elapsed time = 62.3097502 sec
2022-09-06T01:36:24.480Z INFO - Waiting for response to warmup request for container idteste19_0_b2d18046. Elapsed time = 77.4895726 sec
2022-09-06T01:36:40.237Z INFO - Waiting for response to warmup request for container idteste19_0_b2d18046. Elapsed time = 93.2471132 sec
2022-09-06T01:36:55.426Z INFO - Waiting for response to warmup request for container idteste19_0_b2d18046. Elapsed time = 108.4360961 sec
2022-09-06T01:37:10.588Z INFO - Waiting for response to warmup request for container idteste19_0_b2d18046. Elapsed time = 123.5979024 sec
2022-09-06T01:37:25.747Z INFO - Waiting for response to warmup request for container idteste19_0_b2d18046. Elapsed time = 138.7566758 sec
2022-09-06T01:37:40.925Z INFO - Waiting for response to warmup request for container idteste19_0_b2d18046. Elapsed time = 153.9341915 sec
2022-09-06T01:37:56.075Z INFO - Waiting for response to warmup request for container idteste19_0_b2d18046. Elapsed time = 169.0848266 sec
2022-09-06T01:38:12.088Z INFO - Waiting for response to warmup request for container idteste19_0_b2d18046. Elapsed time = 185.097369 sec
2022-09-06T01:38:27.253Z INFO - Waiting for response to warmup request for container idteste19_0_b2d18046. Elapsed time = 200.2621661 sec
2022-09-06T01:38:42.393Z INFO - Waiting for response to warmup request for container idteste19_0_b2d18046. Elapsed time = 215.4024129 sec
2022-09-06T01:38:57.060Z ERROR - Container idteste19_0_b2d18046 for site idteste19 did not start within expected time limit. Elapsed time = 230.0696036 sec
2022-09-06T01:38:57.086Z ERROR - Container idteste19_0_b2d18046 didn't respond to HTTP pings on port: 8443, failing site start. See container logs for debugging.
2022-09-06T01:38:57.093Z INFO - Stopping site idteste19 because it failed during startup.
The keycloak log
2022-09-06T01:35:18.552235082Z 2022-09-06 01:35:13,613 INFO [org.keycloak.common.Profile] (main) Preview feature enabled: token_exchange
2022-09-06T01:35:18.554454187Z 2022-09-06 01:35:13,647 INFO [org.keycloak.quarkus.runtime.hostname.DefaultHostnameProvider] (main) Hostname settings: FrontEnd: localhost, Strict HTTPS: true, Path: <request>, Strict BackChannel: false, Admin: <request>, Port: -1, Proxied: false
2022-09-06T01:35:18.620453452Z 2022-09-06 01:35:16,830 INFO [org.keycloak.common.crypto.CryptoIntegration] (main) Detected crypto provider: org.keycloak.crypto.def.DefaultCryptoProvider
2022-09-06T01:35:20.874562080Z 2022-09-06 01:35:20,872 WARN [org.infinispan.CONFIG] (keycloak-cache-init) ISPN000569: Unable to persist Infinispan internal caches as no global state enabled
2022-09-06T01:35:20.913982278Z 2022-09-06 01:35:20,913 WARN [org.infinispan.PERSISTENCE] (keycloak-cache-init) ISPN000554: jboss-marshalling is deprecated and planned for removal
2022-09-06T01:35:21.007026510Z 2022-09-06 01:35:21,006 INFO [org.infinispan.CONTAINER] (keycloak-cache-init) ISPN000556: Starting user marshaller 'org.infinispan.jboss.marshalling.core.JBossUserMarshaller'
2022-09-06T01:35:22.045335289Z 2022-09-06 01:35:22,038 INFO [org.infinispan.CONTAINER] (keycloak-cache-init) ISPN000128: Infinispan version: Infinispan 'Triskaidekaphobia' 13.0.9.Final
2022-09-06T01:35:22.439656965Z 2022-09-06 01:35:22,439 INFO [org.infinispan.CLUSTER] (keycloak-cache-init) ISPN000078: Starting JGroups channel `ISPN`
2022-09-06T01:35:22.442769173Z 2022-09-06 01:35:22,442 INFO [org.infinispan.CLUSTER] (keycloak-cache-init) ISPN000088: Unable to use any JGroups configuration mechanisms provided in properties {}. Using default JGroups configuration!
2022-09-06T01:35:22.762236477Z 2022-09-06 01:35:22,761 WARN [org.jgroups.protocols.UDP] (keycloak-cache-init) JGRP000015: the send buffer of socket MulticastSocket was set to 1.00MB, but the OS only allocated 212.99KB
2022-09-06T01:35:22.773617706Z 2022-09-06 01:35:22,773 WARN [org.jgroups.protocols.UDP] (keycloak-cache-init) JGRP000015: the receive buffer of socket MulticastSocket was set to 20.00MB, but the OS only allocated 212.99KB
2022-09-06T01:35:22.778530319Z 2022-09-06 01:35:22,777 WARN [org.jgroups.protocols.UDP] (keycloak-cache-init) JGRP000015: the send buffer of socket MulticastSocket was set to 1.00MB, but the OS only allocated 212.99KB
2022-09-06T01:35:22.783215231Z 2022-09-06 01:35:22,782 WARN [org.jgroups.protocols.UDP] (keycloak-cache-init) JGRP000015: the receive buffer of socket MulticastSocket was set to 25.00MB, but the OS only allocated 212.99KB
2022-09-06T01:35:24.868971104Z 2022-09-06 01:35:24,868 INFO [org.jgroups.protocols.pbcast.GMS] (keycloak-cache-init) 3ede773e307d-43775: no members discovered after 2018 ms: creating cluster as coordinator
2022-09-06T01:35:24.891014759Z 2022-09-06 01:35:24,890 INFO [org.infinispan.CLUSTER] (keycloak-cache-init) ISPN000094: Received new cluster view for channel ISPN: [3ede773e307d-43775|0] (1) [3ede773e307d-43775]
2022-09-06T01:35:24.901995387Z 2022-09-06 01:35:24,900 INFO [org.infinispan.CLUSTER] (keycloak-cache-init) ISPN000079: Channel `ISPN` local address is `3ede773e307d-43775`, physical addresses are `[169.254.129.3:52868]`
2022-09-06T01:35:26.153975737Z 2022-09-06 01:35:26,153 INFO [org.keycloak.connections.infinispan.DefaultInfinispanConnectionProviderFactory] (main) Node name: 3ede773e307d-43775, Site name: null
2022-09-06T01:35:28.435231448Z 2022-09-06 01:35:28,434 INFO [io.quarkus] (main) Keycloak 19.0.1 on JVM (powered by Quarkus 2.7.6.Final) started in 21.561s. Listening on: https://0.0.0.0:8443
2022-09-06T01:35:28.436131450Z 2022-09-06 01:35:28,435 INFO [io.quarkus] (main) Profile prod activated.
2022-09-06T01:35:28.436823052Z 2022-09-06 01:35:28,436 INFO [io.quarkus] (main) Installed features: [agroal, cdi, hibernate-orm, jdbc-h2, jdbc-mariadb, jdbc-mssql, jdbc-mysql, jdbc-oracle, jdbc-postgresql, keycloak, logging-gelf, narayana-jta, reactive-routes, resteasy, resteasy-jackson, smallrye-context-propagation, smallrye-health, smallrye-metrics, vault, vertx]
I tried change the KC_HOSTNAME (from localhost to xxx.azurewebsites.net), KC_HOSTNAME_PORT (to 443, 8443), PROXY_ADDRESS_FORWARDING (to false and true) and WEBSITES_PORT (to 80, 8080 and 8443). But unsuccessfully.
Any ideas?
Thanks a lot
2
Answers
I managed to get the Keycloak UI be shown and works to login. Now the only problem is with SSL cert.
But to get it started do this steps
in Dockerfile i added
after the [EntryPoint]
Then in Azure Configuration you need to add variables
and
and
You can also check the logs by enabling App Service Logs and then login to the Advanced Tools and check the Log files. The file ending with the _docker.log is the file to check if it starts up correctly.
I was also able to solve the problem by setting environment variables:
and using ENTRYPOINT