Hi everyone,
I’m trying to deploy a Keycloak instance on Render using the quay.io/keycloak/keycloak:26.0.1
image. The deployment seems to succeed (despite some errors in the logs), but when I try to access the service via a browser, I consistently get a 502 Bad Gateway error.
Here’s what I’ve done so far:
- I followed the reverse proxy configuration guides:
- I ensured the proxy settings in the Keycloak configuration are properly applied.
However, I’m running into an issue with HTTPS. Normally, Keycloak needs a certificate to handle HTTPS, but since Render manages the HTTPS termination, I can’t provide a certificate directly to Keycloak. This means I need to configure Keycloak to properly trust the reverse proxy for HTTPS.
If I skip setting up the proxy and simply configure Keycloak to run over HTTP, it works fine. However, this is not secure because Keycloak doesn’t mark the session cookies as secure
since it doesn’t detect HTTPS traffic.
Logs
info==> Starting service…
Nov 27 03:48:35 PMinfoChanges detected in configuration. Updating the server image.
Nov 27 03:48:36 PMinfoUpdating the configuration and installing your custom providers, if any. Please wait.
Nov 27 03:49:11 PMinfo==> No open ports detected, continuing to scan…
Nov 27 03:49:12 PMinfo==> Docs on specifying a port: https://…web-services#port-binding
Nov 27 03:50:15 PMinfo==> No open ports detected, continuing to scan…
Nov 27 03:50:16 PMinfo==> Docs on specifying a port: https://…web-services#port-binding
Nov 27 03:51:18 PMinfo2024-11-27 14:51:18,972 INFO [io.qua.dep.QuarkusAugmentor] (main) Quarkus augmentation completed in 147200ms
Nov 27 03:51:19 PMinfoServer configuration updated and persisted.Run the following command to review the configuration:
Nov 27 03:51:19 PMinfo
Nov 27 03:51:19 PMinfo kc.sh show-config
Nov 27 03:51:19 PMinfo
Nov 27 03:51:19 PMinfoNext time you run the server, just run:
Nov 27 03:51:19 PMinfo
Nov 27 03:51:19 PMinfo kc.sh start --optimized
Nov 27 03:51:19 PMinfo
Nov 27 03:51:22 PMinfo==> No open ports detected, continuing to scan…
Nov 27 03:51:22 PMinfo==> Docs on specifying a port: https://…web-services#port-binding
Nov 27 03:52:20 PMinfo2024-11-27 14:52:20,668 INFO [org.keycloak.quarkus.runtime.storage.infinispan.CacheManagerFactory] (main) Starting Infinispan embedded cache manager
Nov 27 03:52:22 PMinfo2024-11-27 14:52:22,975 INFO [org.keycloak.quarkus.runtime.storage.infinispan.CacheManagerFactory] (main) Persistent user sessions enabled and no memory limit found in configuration. Setting max entries for sessions to 10000 entries.
Nov 27 03:52:22 PMinfo2024-11-27 14:52:22,975 INFO [org.keycloak.quarkus.runtime.storage.infinispan.CacheManagerFactory] (main) Persistent user sessions enabled and no memory limit found in configuration. Setting max entries for clientSessions to 10000 entries.
Nov 27 03:52:22 PMinfo2024-11-27 14:52:22,975 INFO [org.keycloak.quarkus.runtime.storage.infinispan.CacheManagerFactory] (main) Persistent user sessions enabled and no memory limit found in configuration. Setting max entries for offlineSessions to 10000 entries.
Nov 27 03:52:22 PMinfo2024-11-27 14:52:22,975 INFO [org.keycloak.quarkus.runtime.storage.infinispan.CacheManagerFactory] (main) Persistent user sessions enabled and no memory limit found in configuration. Setting max entries for offlineClientSessions to 10000 entries.
Nov 27 03:52:27 PMinfo==> No open ports detected, continuing to scan…
Nov 27 03:52:28 PMinfo==> Docs on specifying a port: https://…web-services#port-binding
Nov 27 03:52:30 PMwarning2024-11-27 14:52:30,468 WARN [org.hibernate.engine.jdbc.spi.SqlExceptionHelper] (JPA Startup Thread) SQL Error: 0, SQLState: null
Nov 27 03:52:30 PMerror2024-11-27 14:52:30,468 ERROR [org.hibernate.engine.jdbc.spi.SqlExceptionHelper] (JPA Startup Thread) Acquisition timeout while waiting for new connection
Nov 27 03:52:30 PMwarning2024-11-27 14:52:30,667 WARN [org.hibernate.engine.jdbc.env.internal.JdbcEnvironmentInitiator] (JPA Startup Thread) HHH000342: Could not obtain connection to query metadata: org.hibernate.exception.GenericJDBCException: unable to obtain isolated JDBC connection [Acquisition timeout while waiting for new connection] [n/a]
Nov 27 03:52:30 PMinfo at org.hibernate.exception.internal.StandardSQLExceptionConverter.convert(StandardSQLExceptionConverter.java:63)
Nov 27 03:52:30 PMinfo at org.hibernate.engine.jdbc.spi.SqlExceptionHelper.convert(SqlExceptionHelper.java:108)
Nov 27 03:52:30 PMinfo at org.hibernate.engine.jdbc.spi.SqlExceptionHelper.convert(SqlExceptionHelper.java:94)
Nov 27 03:52:30 PMinfo at org.hibernate.resource.transaction.backend.jta.internal.JtaIsolationDelegate.doTheWork(JtaIsolationDelegate.java:202)
Nov 27 03:52:30 PMinfo at org.hibernate.resource.transaction.backend.jta.internal.JtaIsolationDelegate.lambda$delegateWork$3(JtaIsolationDelegate.java:91)
Nov 27 03:52:30 PMinfo at org.hibernate.resource.transaction.backend.jta.internal.JtaIsolationDelegate.doInSuspendedTransaction(JtaIsolationDelegate.java:123)
Nov 27 03:52:30 PMinfo at org.hibernate.resource.transaction.backend.jta.internal.JtaIsolationDelegate.delegateWork(JtaIsolationDelegate.java:88)
Nov 27 03:52:30 PMinfo at org.hibernate.engine.jdbc.env.internal.JdbcEnvironmentInitiator.getJdbcEnvironmentUsingJdbcMetadata(JdbcEnvironmentInitiator.java:321)
Nov 27 03:52:30 PMinfo at org.hibernate.engine.jdbc.env.internal.JdbcEnvironmentInitiator.initiateService(JdbcEnvironmentInitiator.java:130)
Nov 27 03:52:30 PMinfo at org.hibernate.engine.jdbc.env.internal.JdbcEnvironmentInitiator.initiateService(JdbcEnvironmentInitiator.java:82)
Nov 27 03:52:30 PMinfo at org.hibernate.boot.registry.internal.StandardServiceRegistryImpl.initiateService(StandardServiceRegistryImpl.java:130)
Nov 27 03:52:30 PMinfo at org.hibernate.service.internal.AbstractServiceRegistryImpl.createService(AbstractServiceRegistryImpl.java:263)
Nov 27 03:52:30 PMinfo at org.hibernate.service.internal.AbstractServiceRegistryImpl.initializeService(AbstractServiceRegistryImpl.java:238)
Nov 27 03:52:30 PMinfo at org.hibernate.service.internal.AbstractServiceRegistryImpl.getService(AbstractServiceRegistryImpl.java:215)
Nov 27 03:52:30 PMinfo at org.hibernate.service.ServiceRegistry.requireService(ServiceRegistry.java:68)
Nov 27 03:52:30 PMinfo at org.hibernate.engine.jdbc.internal.JdbcServicesImpl.configure(JdbcServicesImpl.java:52)
Nov 27 03:52:30 PMinfo at org.hibernate.boot.registry.internal.StandardServiceRegistryImpl.configureService(StandardServiceRegistryImpl.java:136)
Nov 27 03:52:30 PMinfo at org.hibernate.service.internal.AbstractServiceRegistryImpl.initializeService(AbstractServiceRegistryImpl.java:247)
Nov 27 03:52:30 PMinfo at org.hibernate.service.internal.AbstractServiceRegistryImpl.getService(AbstractServiceRegistryImpl.java:215)
Nov 27 03:52:30 PMinfo at org.hibernate.service.ServiceRegistry.requireService(ServiceRegistry.java:68)
Nov 27 03:52:30 PMinfo at org.hibernate.boot.internal.SessionFactoryOptionsBuilder.(SessionFactoryOptionsBuilder.java:290)
Nov 27 03:52:30 PMinfo at io.quarkus.hibernate.orm.runtime.recording.PrevalidatedQuarkusMetadata.buildSessionFactoryOptionsBuilder(PrevalidatedQuarkusMetadata.java:72)
Nov 27 03:52:30 PMinfo at io.quarkus.hibernate.orm.runtime.boot.FastBootEntityManagerFactoryBuilder.build(FastBootEntityManagerFactoryBuilder.java:84)
Nov 27 03:52:30 PMinfo at io.quarkus.hibernate.orm.runtime.FastBootHibernatePersistenceProvider.createEntityManagerFactory(FastBootHibernatePersistenceProvider.java:73)
Nov 27 03:52:30 PMinfo at jakarta.persistence.Persistence.createEntityManagerFactory(Persistence.java:80)
Nov 27 03:52:30 PMinfo at jakarta.persistence.Persistence.createEntityManagerFactory(Persistence.java:55)
Nov 27 03:52:30 PMinfo at io.quarkus.hibernate.orm.runtime.JPAConfig$LazyPersistenceUnit.get(JPAConfig.java:154)
Nov 27 03:52:30 PMinfo at io.quarkus.hibernate.orm.runtime.JPAConfig$1.run(JPAConfig.java:61)
Nov 27 03:52:30 PMinfo at java.base/java.lang.Thread.run(Thread.java:1583)
Nov 27 03:52:30 PMinfoCaused by: java.sql.SQLException: Acquisition timeout while waiting for new connection
Nov 27 03:52:30 PMinfo at io.agroal.pool.ConnectionPool.handlerFromSharedCache(ConnectionPool.java:362)
Nov 27 03:52:30 PMinfo at io.agroal.pool.ConnectionPool.getConnection(ConnectionPool.java:288)
Nov 27 03:52:30 PMinfo at io.agroal.pool.DataSource.getConnection(DataSource.java:86)
Nov 27 03:52:30 PMinfo at io.quarkus.hibernate.orm.runtime.customized.QuarkusConnectionProvider.getConnection(QuarkusConnectionProvider.java:23)
Nov 27 03:52:30 PMinfo at org.hibernate.engine.jdbc.env.internal.JdbcEnvironmentInitiator$ConnectionProviderJdbcConnectionAccess.obtainConnection(JdbcEnvironmentInitiator.java:468)
Nov 27 03:52:30 PMinfo at org.hibernate.resource.transaction.backend.jta.internal.JtaIsolationDelegate.doTheWork(JtaIsolationDelegate.java:180)
Nov 27 03:52:30 PMinfo … 25 more
Nov 27 03:52:30 PMinfoCaused by: java.util.concurrent.TimeoutException
Nov 27 03:52:30 PMinfo at java.base/java.util.concurrent.FutureTask.get(FutureTask.java:204)
Nov 27 03:52:30 PMinfo at io.agroal.pool.ConnectionPool.handlerFromSharedCache(ConnectionPool.java:339)
Nov 27 03:52:30 PMinfo … 30 more
Nov 27 03:52:30 PMinfo
Nov 27 03:52:31 PMinfo2024-11-27 14:52:31,569 INFO [org.infinispan.CONTAINER] (Thread-5) ISPN000556: Starting user marshaller ‘org.infinispan.commons.marshall.ImmutableProtoStreamMarshaller’
Nov 27 03:52:44 PMwarning2024-11-27 14:52:44,774 WARN [io.quarkus.hibernate.orm.runtime.service.QuarkusRuntimeInitDialectFactory] (JPA Startup Thread) Persistence unit keycloak-default: Could not retrieve the database version to check it is at least 12.0.0
Nov 27 03:52:46 PMinfo2024-11-27 14:52:46,274 INFO [org.keycloak.broker.provider.AbstractIdentityProviderMapper] (main) Registering class org.keycloak.broker.provider.mappersync.ConfigSyncEventListener
Nov 27 03:52:46 PMinfo2024-11-27 14:52:46,472 INFO [org.keycloak.connections.infinispan.DefaultInfinispanConnectionProviderFactory] (main) Node name: node_262666, Site name: null
Nov 27 03:53:04 PMwarning2024-11-27 14:53:04,472 WARN [io.agroal.pool] (main) Datasource ‘’: JDBC resources leaked: 3 ResultSet(s) and 0 Statement(s)
Nov 27 03:53:08 PMinfo2024-11-27 14:53:08,271 INFO [io.quarkus] (main) Keycloak 26.0.1 on JVM (powered by Quarkus 3.15.1) started in 107.302s. Listening on: http:// 0.0.0.0:8080
Nov 27 03:53:08 PMinfo2024-11-27 14:53:08,272 INFO [io.quarkus] (main) Profile prod activated.
Nov 27 03:53:08 PMinfo2024-11-27 14:53:08,272 INFO [io.quarkus] (main) Installed features: [agroal, cdi, hibernate-orm, jdbc-postgresql, keycloak, narayana-jta, opentelemetry, reactive-routes, rest, rest-jackson, smallrye-context-propagation, vertx]
Nov 27 03:53:16 PMinfo==> Your service is live
Nov 27 03:53:29 PMinfo==> No open HTTP ports detected on 0.0.0.0, continuing to scan…
Has anyone encountered a similar issue when deploying Keycloak on Render? Any guidance on resolving the 502 error while keeping the deployment secure would be greatly appreciated!
Thanks in advance for your help!