How to setup keycloak with render db

Phylliida · April 26, 2024, 5:05pm

There are some other topics but nothing that worked for me, this is the Dockerfile I used that finally worked

FROM quay.io/keycloak/keycloak:latest as builder

# necessary to let us use postgresql
ENV OPERATOR_KEYCLOAK_IMAGE=quay.io/keycloak/keycloak:latest

# set these env variables
ARG ADMIN
ARG ADMIN_PASSWORD

# set these env variables, from db website
ARG DB_USERNAME
ARG DB_PASSWORD
ARG DB_URL
ARG DB_DATABASE
ARG DB_PORT
ARG DB_SCHEMA

# set port 8443 to PORT environment variable in render
ENV KC_HTTP_RELATIVE_PATH=/auth
ENV PROXY_ADDRESS_FORWARDING=true
ENV KC_DB_USERNAME=$DB_USERNAME
ENV KC_DB_PASSWORD=$DB_PASSWORD
ENV KC_DB_URL_PROPERTIES='?'
ENV KC_HOSTNAME_STRICT=false
ENV KC_HOSTNAME=mykeycloaksite.onrender.com
ENV KC_HOSTNAME_ADMIN=mykeycloaksite.onrender.com
ENV KC_HTTP_ENABLED=true
ENV KC_HTTP_PORT=8443
ENV KC_HTTPS_PORT=8444
ENV KC_LOG_LEVEL=INFO
ENV KC_HOSTNAME_STRICT_HTTPS=false
ENV KC_PROXY=passthrough
ENV KC_PROXY_HEADERS=xforwarded
ENV KEYCLOAK_ADMIN=$ADMIN
ENV KEYCLOAK_ADMIN_PASSWORD=$ADMIN_PASSWORD
ENV KB_DB=postgres
ENV KC_DB_URL=jdbc:postgresql://${DB_URL}:${DB_PORT}/${DB_DATABASE}

# db may seem redundant but it is not
RUN /opt/keycloak/bin/kc.sh build --db=postgres
FROM quay.io/keycloak/keycloak:latest
COPY --from=builder /opt/keycloak/ /opt/keycloak/
COPY --from=builder /opt/keycloak/ /opt/keycloak/

# necessary to let us use postgresql
ENV OPERATOR_KEYCLOAK_IMAGE=quay.io/keycloak/keycloak:latest

# set these env variables
ARG ADMIN
ARG ADMIN_PASSWORD

# set these env variables, from db website
ARG DB_USERNAME
ARG DB_PASSWORD
ARG DB_URL
ARG DB_DATABASE
ARG DB_PORT
ARG DB_SCHEMA

# set port 8443 to PORT environment variable in render
ENV KC_HTTP_RELATIVE_PATH=/auth
ENV PROXY_ADDRESS_FORWARDING=true
ENV KC_DB_USERNAME=$DB_USERNAME
ENV KC_DB_PASSWORD=$DB_PASSWORD
ENV KC_DB_URL_PROPERTIES='?'
ENV KC_HOSTNAME_STRICT=false
ENV KC_HOSTNAME=mykeycloaksite.onrender.com
ENV KC_HOSTNAME_ADMIN=mykeycloaksite.onrender.com
ENV KC_HTTP_ENABLED=true
ENV KC_HTTP_PORT=8443
ENV KC_HTTPS_PORT=8444
ENV KC_LOG_LEVEL=INFO
ENV KC_HOSTNAME_STRICT_HTTPS=false
ENV KC_PROXY=passthrough
ENV KC_PROXY_HEADERS=xforwarded
ENV KEYCLOAK_ADMIN=$ADMIN
ENV KEYCLOAK_ADMIN_PASSWORD=$ADMIN_PASSWORD
ENV KB_DB=postgres
ENV KC_DB_URL=jdbc:postgresql://${DB_URL}:${DB_PORT}/${DB_DATABASE}

EXPOSE 8443
EXPOSE 8444

ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]
# even though we build, using --optimized disallows postgresql databases so we need this workaround https://github.com/keycloak/keycloak/issues/15898
# in other words don't add optimzied here
CMD ["start", "--db=postgres"]

Render Dockerfile deploy, this works with a render postgres database

It takes about 2-3 min to start up, you probably want to get Starter to prevent downtime.

Replace mykeycloaksite with your keycloack address, set the PORT env in your render deploy to 8443, and create an environment variable in your render deploy for all those ARGs to the values given by your db provider

Note that the dashboard will be at

/auth/admin

also sometimes when you spin up a new instance the old ones are slow to go away so that can clutter your logs, keep that in mind

Phylliida · April 26, 2024, 5:36pm

Does anyone know how to fix

2024-04-26 17:34:43,614 WARN [org.jgroups.blocks.cs.NioServer] (NioServer.Selector [/[0:0:0:0:0:0:0:0]:24828]-3,srv-) failed handling message: java.lang.IllegalStateException: BaseServer.NioConnection.readPeerAddress(): cookie read by 10.xxx.xxx.xxx:24828 does not match own cookie; terminating connection

It seems to spam those a lot, it still works but I’d like to remove those warnings if possible

Phylliida · April 26, 2024, 5:45pm

oh also if you want to use cockroach db instead this works for me

FROM quay.io/phasetwo/keycloak-crdb:latest as builder
# FROM quay.io/keycloak/keycloak:latest as builder

# necessary to let us use cockroach
ENV OPERATOR_KEYCLOAK_IMAGE=quay.io/phasetwo/keycloak-crdb:latest

# set these env variables
ARG ADMIN
ARG ADMIN_PASSWORD

# set these env variables, from db website
ARG DB_USERNAME
ARG DB_PASSWORD
ARG DB_URL
ARG DB_DATABASE
ARG DB_PORT
ARG DB_SCHEMA
ARG CERT_PATH

# set port 8443 to PORT environment variable in render
ENV KC_HTTP_RELATIVE_PATH=/auth
ENV PROXY_ADDRESS_FORWARDING=true
ENV KC_DB_USERNAME=$DB_USERNAME
ENV KC_DB_PASSWORD=$DB_PASSWORD
ENV KC_DB_URL_PROPERTIES='?'
ENV KC_HOSTNAME_STRICT=false
ENV KC_HOSTNAME=mykeycloaksite.onrender.com
ENV KC_HOSTNAME_ADMIN=mykeycloaksite.onrender.com
ENV KC_HTTP_ENABLED=true
ENV KC_HTTP_PORT=8443
ENV KC_HTTPS_PORT=8444
ENV KC_LOG_LEVEL=INFO
ENV KC_HOSTNAME_STRICT_HTTPS=false
ENV KC_PROXY=passthrough
ENV KC_PROXY_HEADERS=xforwarded
ENV KEYCLOAK_ADMIN=$ADMIN
ENV KEYCLOAK_ADMIN_PASSWORD=$ADMIN_PASSWORD
ENV KB_DB=cockroach
ENV KC_TRANSACTION_XA_ENABLED=false
ENV KC_TRANSACTION_JTA_ENABLED=false
ENV KC_DB_URL=jdbc:postgresql://${DB_URL}:${DB_PORT}/${DB_DATABASE}

# db may seem redundant but it is not
RUN /opt/keycloak/bin/kc.sh build --db=cockroach
FROM quay.io/phasetwo/keycloak-crdb:latest
COPY --from=builder /opt/keycloak/ /opt/keycloak/
COPY --from=builder /opt/keycloak/ /opt/keycloak/

# necessary to let us use cockroach db
ENV OPERATOR_KEYCLOAK_IMAGE=quay.io/phasetwo/keycloak-crdb:latest

# set these env variables
ARG ADMIN
ARG ADMIN_PASSWORD

# set these env variables, from db website
ARG DB_USERNAME
ARG DB_PASSWORD
ARG DB_URL
ARG DB_DATABASE
ARG DB_PORT
ARG DB_SCHEMA
ARG CERT_PATH

# set port 8443 to PORT environment variable in render
ENV KC_HTTP_RELATIVE_PATH=/auth
ENV PROXY_ADDRESS_FORWARDING=true
ENV KC_DB_USERNAME=$DB_USERNAME
ENV KC_DB_PASSWORD=$DB_PASSWORD
ENV KC_DB_URL_PROPERTIES='?'
ENV KC_HOSTNAME_STRICT=false
ENV KC_HOSTNAME=mykeycloaksite.onrender.com
ENV KC_HOSTNAME_ADMIN=mykeycloaksite.onrender.com
ENV KC_HTTP_ENABLED=true
ENV KC_HTTP_PORT=8443
ENV KC_HTTPS_PORT=8444
ENV KC_LOG_LEVEL=INFO
ENV KC_HOSTNAME_STRICT_HTTPS=false
ENV KC_PROXY=passthrough
ENV KC_PROXY_HEADERS=xforwarded
ENV KEYCLOAK_ADMIN=$ADMIN
ENV KEYCLOAK_ADMIN_PASSWORD=$ADMIN_PASSWORD
ENV KB_DB=cockroach
ENV KC_TRANSACTION_XA_ENABLED=false
ENV KC_TRANSACTION_JTA_ENABLED=false
ENV KC_DB_URL=jdbc:postgresql://${DB_URL}:${DB_PORT}/${DB_DATABASE}

RUN mkdir -p $HOME/.postgresql
ADD ${CERT_PATH} $HOME/.postgresql/root.crt

EXPOSE 8443
EXPOSE 8444

# does not match own cookie warnigns are normal idk how to fix them but they don't seem to matter

ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]
# even though we build, using --optimized disallows postgresql databases so we need this workaround https://github.com/keycloak/keycloak/issues/15898
# in other words don't add optimzied here
CMD ["start", "--db=cockroach"]

where CERT_PATH is the path of the cert it links you to when you try and connect using a general connection string

Topic		Replies	Views
Keycloack deploy fails with Exited with status 128	12	1235	July 16, 2023
Unable to connect to remote database from container in render	2	226	November 3, 2023
Can someone please help me translate docker-compose to render.yaml?	2	252	February 15, 2023
[bug report] shell reconnecting loop, exited with status 128, multiline env variables	3	397	September 11, 2022
Keycloak not working with nginx reverse proxy	2	329	February 18, 2024

How to setup keycloak with render db

Related Topics