Hostname Configuration for Quarkus Load-balancing Setup

Hello,

I am new to advanced keycloak configuration, have been using keycloak WildFly distribution as a single instance for my project without any problem.

For the WildFly distribution, there are lots of documents and topics about Keycloak clusters. However, I couldn't find much about the Quarkus distribution. I need a shared database cluster setup for failover scenarios. I use this as cache-ispn.xml (JDBC_PING): Keycloak 17 example using JGroups JDBC_PING discovery protocol for Infinispan · GitHub

I am trying the following setup and couldn't even get the reverse proxy settings working.

Could you please help with the configuration (or please suggest a better way)? My approach may be wrong; I am not sure about it.

For now, using Docker and Kubernetes is not an option.

Server 1: kyc.serverdomain
NGINX load balancing (I know round robin is not a good option; I am just trying to make it work for now)

Note: Connection should be secure to other servers.

Nginx Conf:

```nginx
server {
    listen 80;
    listen [::]:80;
    server_name kyc.example.com;
    return 302 https://$server_name$request_uri;
}

upstream keycloak-cluster {
    server kyc1.example.com;
    server kyc2.example.com;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name kyc.example.com;

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass https://keycloak-cluster;
    }

    ssl_certificate /etc/letsencrypt/live/kyc.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/kyc.example.com/privkey.pem;
}
```

Server 2: kyc1.serverdomain
Keycloak Instance 1

Nginx Conf:

```nginx
server {
    server_name kyc1.example.com;
    return 302 https://$server_name$request_uri;
}

server {
    listen [::]:443 ssl ipv6only=on;
    listen 443 ssl;
    server_name kyc1.example.com;

    ssl_certificate /etc/letsencrypt/live/kyc1.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/kyc1.example.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        proxy_pass          https://0.0.0.0:8443/;
        proxy_http_version  1.1;
        proxy_set_header    Host $server_name:$server_port;
        proxy_set_header    X-Forwarded-Host $http_host;
        proxy_set_header    X-Forwarded-Proto $scheme;
        proxy_set_header    X-Forwarded-For $remote_addr;
    }
}
```

Keycloak Conf:

```properties
db=postgres
db-username=db_user_1
db-password=password
db-url=jdbc:postgresql://postgresql.example.com/keycloak_cluster_db
https-certificate-file=/etc/letsencrypt/live/kyc1.example.com/cert.pem
https-certificate-key-file=/etc/letsencrypt/live/kyc1.example.com/privkey.pem
proxy=edge
# Not sure if hostname is correct; if I change it to kyc1.example.com, it works well as a single instance
hostname=kyc.example.com
https-port=8443
hostname-strict-backchannel=true
```

Server 3: kyc2.serverdomain
Keycloak Instance 2
Configuration is the same except the domain is kyc2.serverdomain

Server 4: PostgreSQL
Shared database for both instances
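One way to check whether the `hostname` and `proxy=edge` settings above are taking effect on every node is to compare the URLs each node advertises in its OpenID discovery document with the public front-end name. If a node reports its own name (kyc1.example.com) or plain `http` in the `issuer` or endpoint URLs, tokens issued by that node carry a different issuer than tokens from the other node, clients that hit the load balancer will reject them, and the backend hostnames leak to the outside. The script below is an added example and is not code from the original post or from the Keycloak project; it assumes the public hostname is kyc.example.com, and the discovery JSON it parses is a constructed sample of the document Keycloak serves at `/realms/<realm>/.well-known/openid-configuration`. The `fetch_discovery` helper for live nodes is hypothetical usage and is not exercised by the offline check.

```python
"""Check that a Keycloak node behind a load balancer advertises the public hostname.

Added example, not code from the original post. It parses an OpenID discovery
document and reports every URL-valued field whose scheme or host differs from
the public front-end name, which is what `hostname=kyc.example.com` together
with `proxy=edge` (and correct X-Forwarded-Proto headers) should produce on
every node. All sample documents below are constructed for this example.
"""
import json
from urllib.parse import urlsplit

# Assumed public name served by the NGINX load balancer.
EXPECTED_HOST = "kyc.example.com"

# Constructed sample: what a node might return if `hostname` were left at its
# own name (kyc1.example.com) and the proxy did not forward the scheme.
BAD_DISCOVERY = json.dumps({
    "issuer": "https://kyc1.example.com/realms/master",
    "authorization_endpoint": "https://kyc1.example.com/realms/master/protocol/openid-connect/auth",
    "token_endpoint": "https://kyc.example.com/realms/master/protocol/openid-connect/token",
    "jwks_uri": "http://kyc.example.com/realms/master/protocol/openid-connect/certs",
    "response_types_supported": ["code", "token"],
})

# Constructed sample of a node that is configured consistently with the front end.
GOOD_DISCOVERY = json.dumps({
    "issuer": "https://kyc.example.com/realms/master",
    "authorization_endpoint": "https://kyc.example.com/realms/master/protocol/openid-connect/auth",
    "token_endpoint": "https://kyc.example.com/realms/master/protocol/openid-connect/token",
    "jwks_uri": "https://kyc.example.com/realms/master/protocol/openid-connect/certs",
    "response_types_supported": ["code", "token"],
})


def find_hostname_mismatches(discovery_json, expected_host, expected_scheme="https"):
    """Return {field: url} for every URL-valued field whose host or scheme is wrong.

    Non-URL fields (lists, plain strings) are skipped; an empty dict means the
    node advertises only the public name over the expected scheme.
    """
    doc = json.loads(discovery_json)
    mismatches = {}
    for key, value in doc.items():
        if not isinstance(value, str):
            continue
        parts = urlsplit(value)
        if parts.scheme not in ("http", "https"):
            continue  # not a URL, e.g. a plain string value
        if parts.hostname != expected_host or parts.scheme != expected_scheme:
            mismatches[key] = value
    return mismatches


def issuer_matches(discovery_json, expected_host, realm):
    """True when the issuer is exactly https://<expected_host>/realms/<realm>.

    Every node must agree on this value, or tokens minted by one node fail
    issuer validation in clients that learned the issuer from another node.
    """
    doc = json.loads(discovery_json)
    return doc.get("issuer") == f"https://{expected_host}/realms/{realm}"


def fetch_discovery(base_url, realm, timeout=5):
    """Fetch a live node's discovery document (hypothetical usage; not run offline)."""
    from urllib.request import urlopen
    url = f"{base_url}/realms/{realm}/.well-known/openid-configuration"
    with urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


if __name__ == "__main__":
    for label, doc in (("misconfigured node", BAD_DISCOVERY), ("consistent node", GOOD_DISCOVERY)):
        print(f"{label}: issuer ok = {issuer_matches(doc, EXPECTED_HOST, 'master')}")
        for field, url in find_hostname_mismatches(doc, EXPECTED_HOST).items():
            print(f"  {field}: {url}")
```

Run it against each backend directly (for example `fetch_discovery("https://kyc1.example.com", "master")`) as well as through the load balancer; every response should yield no mismatches and an identical issuer. A mismatch only on the scheme points at the proxy not forwarding `X-Forwarded-Proto`, while a mismatch on the host points at the `hostname` setting on that node.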