Docker Keycloak with external db

Hello, I’m just new to Keycloak. I’ve been trying to set up Keycloak with Docker and with an external DB. The documentation says I had to set up the env vars to make it work. I tried doing it, but it seems that Keycloak cannot connect to my DB. I know there’s an instruction to use a Docker network and use that, but my DB is not in a Docker container. Every time I run it there’s an error of cannot connect to database. How do I get around this?

I’m using MySQL and these env vars to run Keycloak:
DB_VENDOR=mysql
DB_ADDR=127.0.0.1
DB_PORT=3306
DB_DATABASE=keycloak_db
DB_USER=root
DB_PASSWORD=password

Are you using docker-compose? You can try this docker-compose file:

version: '3'

services:
  mysql:
      image: mysql:5.7
      environment:
        MYSQL_ROOT_PASSWORD: root
        MYSQL_DATABASE: keycloak
        MYSQL_USER: keycloak
        MYSQL_PASSWORD: password
  keycloak:
      image: quay.io/keycloak/keycloak:latest
      environment:
        DB_VENDOR: MYSQL
        DB_ADDR: mysql
        DB_DATABASE: keycloak
        DB_USER: keycloak
        DB_PASSWORD: password
        KEYCLOAK_USER: admin
        KEYCLOAK_PASSWORD: admin
      ports:
        - 8080:8080
      depends_on:
        - mysql

Thanks, I think I know the problem now.
A Docker container cannot connect to my host’s localhost right away, that’s why it’s not working. And that’s why most of the examples use a MySQL Docker container.

Unless you use network_mode: host, then 127.0.0.1 is localhost inside the container, not the host. You can use DB_ADDR=the proper IP, or maybe 172.17.0.1 instead.

Greetings, I’m trying to do something similar. Ultimately I want to deploy onto an EC2 instance and point to an RDS Postgres instance. That’s a later discussion though. Right now, I’m just trying to play around with the environment variables to connect to my Docker container host’s local installation of Postgres. I’m not including a postgres section in my docker-compose file as my production environment will be using RDS.

While testing locally on my machine, I am unable to get a good database connection. My docker-compose.yml looks like this:

version: '3'

services:
 keycloak:
   image: quay.io/keycloak/keycloak:10.0.1
   ports:
     - "8080:8080"
   environment:
    NODE_ENV: sit
    DEBUGGING: 1

    # Admin account
    KEYCLOAK_USER: admin
    KEYCLOAK_PASSWORD: keycloak

    PROXY_ADDRESS_FORWARDING: 'true'
    # PostgreSQL DB settings
    DB_VENDOR: postgres
    DB_ADDR: 172.17.0.1
    DB_PORT: 5432
    DB_DATABASE: keycloak
    DB_SCHEMA: public
    DB_USER: keycloak
    DB_PWD: keycloak

I keep getting a failure to connect to database error.
I’m not sure if I’m running into an issue with Docker on the DB_ADDR variable. Can’t I use 172.17.0.1 to access the host machine’s loopback?

Any idea how I can use these environmental variables to hit a local PG instance?

Letting your Docker container connect to your localhost is a pain in the a**. I had the same thoughts as you, to try stuff before deploying it to some server. What I did is I tried to set up a database on another machine instead and connect to that DB via the machine’s IP.

Hope it helps.

Thanks for the info. 172.17.0.1 didn’t work for me and I tried the host IP and that didn’t work either. I’m not sure what to try next. I’ve not seen any examples on the internet on how to use all of the environment variables to connect to a non dockerized database. Thanks for the suggestions.
Tyler

An example docker-compose.yml:

version: '3.7'

services:

  openldap:
    container_name: openldap
    build:
      context: ./services/openldap
      dockerfile: Dockerfile
    env_file: ./services/openldap/openldap.env
    ports:
      - "389:389"
      - "636:636"

  keycloak:
    container_name: keycloak
    build:
      context: ./services/keycloak
      dockerfile: Dockerfile
    ports:
      - "10001:8080"
      - "10443:8443"
    volumes:
      - .:/export
    env_file: ./services/keycloak/keycloak.env
    depends_on:
      - openldap

  postgres:
    container_name: postgres
    build:
      context: ./services/postgres
      dockerfile: Dockerfile
    ports:
      - "5432:5432"
    volumes:
      - .:/var/lib/postgresql/data
    env_file: ./services/postgres/postgres.env

  pgadmin:
    container_name: pgadmin
    build:
      context: ./services/pgadmin
      dockerfile: Dockerfile
    environment:
      PGADMIN_DEFAULT_EMAIL: ${PGADMIN_DEFAULT_EMAIL:-admin@serendipity.org.au}
      PGADMIN_DEFAULT_PASSWORD: ${PGADMIN_DEFAULT_PASSWORD:-secret}
    ports:
      - "${PGADMIN_PORT:-5050}:80"
    volumes:
      - .:/root/.pgadmin

  jasperreports-server:
    container_name: jasperreports-server
    build:
      context: ./services/jasperreports-server
      dockerfile: Dockerfile
    ports:
      - "11001:8080"
      - "11443:8443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./services/jasperreports-server/license:/usr/local/share/jasperserver/license
      - ./services/jasperreports-server/keystore:/usr/local/share/jasperserver/keystore
    env_file: ./services/jasperreports-server/jasperreports-server.env
    environment:
      - DB_HOST=postgres
    depends_on:
      - jasperreports-server-cmdline
    command: ["/wait-for-container-to-exit.sh", "jasperreports-server-cmdline", "-t" , "30", "--", "/entrypoint-ce.sh", "run"]

  jasperreports-server-cmdline:
    container_name: jasperreports-server-cmdline
    build:
      context: ./services/jasperreports-server
      dockerfile: Dockerfile-cmdline
    volumes:
      - ./services/jasperreports-server/license:/usr/local/share/jasperserver/license
      - ./services/jasperreports-server/keystore:/usr/local/share/jasperserver/keystore
    env_file: ./services/jasperreports-server/jasperreports-server.env
    environment:
      - DB_HOST=postgres
      - JRS_LOAD_SAMPLES=false
    depends_on:
      - postgres
    command: ["/wait-for-it.sh", "postgres:5432", "-t" , "30", "--", "/entrypoint-cmdline-ce.sh", "init"]

  serendipity-server:
    container_name: serendipity-server
    build:
      context: .
      dockerfile: Dockerfile
    ports:
      - "3001:3001"
    environment:
      - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI=http://keycloak:8080/auth/realms/development/protocol/openid-connect/certs
      - SPRING_DATASOURCE_URL=jdbc:postgresql://postgres:5432/serendipity
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    depends_on:
      - keycloak
      - jasperreports-server-cmdline
    command: ["/wait-for-container-to-exit.sh", "jasperreports-server-cmdline", "-t" , "30", "--", "/entrypoint.sh"]


I would check firstly that your host is 172.17.0.1, and not some other address, and secondly that your Postgres server is actually listening on that address (use “netstat -anp” to list all ports and their processes). Some servers only listen on loopback (127.0.0.0/8) by default, and need to be reconfigured to listen on other interfaces.
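The check suggested in the last reply, as an added example that is not part of the original thread: a shell function that reads `netstat -an` output and reports whether a database port is bound where a container can reach it. The function name `classify_listener`, its result labels and the sample netstat lines are constructed for illustration; it assumes an IPv4 bridge and Linux `netstat` column layout.

```shell
#!/bin/sh
# Added example (not from the thread). Classifies how a database port is
# bound on the Docker host, from `netstat -an` / `netstat -anp` output.
#
# Live use on the host. The gateway differs per network, and docker-compose
# creates its own network, so inspect the network the container is attached to:
#   gw=$(docker network inspect bridge --format '{{range .IPAM.Config}}{{.Gateway}}{{end}}')
#   netstat -an | classify_listener 5432 "$gw"
#
# Assumption: the container reaches the host over IPv4, so only "tcp"
# (IPv4) listeners are considered and tcp6 lines are ignored.

# classify_listener PORT GATEWAY_IP   (netstat output on stdin)
# prints: reachable | other-interface-only | loopback-only | not-listening
classify_listener() {
    awk -v port="$1" -v gw="$2" '
        $1 == "tcp" && $6 == "LISTEN" {
            n = split($4, part, ":")          # column 4 is address:port
            if (part[n] != port) next
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            if (addr == "0.0.0.0" || addr == gw) reach = 1   # wildcard or gateway
            else if (addr ~ /^127\./)            loop  = 1   # 127.0.0.0/8 only
            else                                 other = 1   # some other interface
        }
        END {
            if (reach)      print "reachable"
            else if (other) print "other-interface-only"
            else if (loop)  print "loopback-only"
            else            print "not-listening"
        }'
}

# Constructed sample: PostgreSQL with a loopback-only binding.
SAMPLE_LOOPBACK='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN
tcp6       0      0 ::1:5432                :::*                    LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN'

# Constructed sample: PostgreSQL also bound to the bridge gateway address.
SAMPLE_BRIDGE='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN
tcp        0      0 172.17.0.1:5432         0.0.0.0:*               LISTEN'

printf '%s\n' "$SAMPLE_LOOPBACK" | classify_listener 5432 172.17.0.1
printf '%s\n' "$SAMPLE_BRIDGE"   | classify_listener 5432 172.17.0.1
```

When the result is loopback-only, adding the bridge gateway address to PostgreSQL's `listen_addresses`, together with a `pg_hba.conf` entry limited to the container subnet, makes the database reachable from the containers without opening it on every interface.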