I am trying to deploy a Keycloak Docker container as a Fargate Task in AWS. The Task starts and the Keycloak landing page is available in the provided DNS, but after some seconds it goes back offline.
After troubleshooting a bit I discovered that the problem arises from the ALB’s healthcheck. The ALB thinks the app is unhealthy and it kills the task. I tried with different paths for the healthcheck: “/”, “/auth”, “/index.html”. None of the paths solve the issue; however, when I run an HTTP GET request in Postman on those paths while the task is still up I get a “200 OK” response, so I don’t understand why the healthcheck fails…
Is there a special path in Keycloak for the healthcheck? Or does anyone know how to solve this issue?
“/”, “/auth”, “/index.html” - all of these URLs redirect to
/auth/, they don’t return
There is no official healthcheck endpoint. You can build your own image with a 3rd party extension - e.g. https://github.com/thomasdarimont/keycloak-health-checks which will provide a proper healthcheck endpoint. Or just use some
/auth/, which should return 200 by default.
I solved the issue. Apparently the OK response was taking too long and the healthcheck ALB thought it was not working, so tweaking the waiting times of the healthcheck did the trick.
I think authz is too heavy for a healthcheck; I’m using /auth/realms/master/.well-known/openid-configuration. BTW, if you use Fargate then you can’t expose more than 1 port. If you’re going to run a Keycloak cluster then it requires an additional port for cluster communication.
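The two failure modes discussed in this thread (a path that redirects instead of returning 200, and a 200 that arrives after the check's timeout), as an added example that is not part of any post above. It assumes the health checker sends one GET, does not follow redirects, and accepts only status 200; `FakeKeycloak`, `/slow` and the timings are constructed stand-ins, not Keycloak or ALB code.

```python
import http.client, threading, time
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

OIDC = "/auth/realms/master/.well-known/openid-configuration"

class FakeKeycloak(BaseHTTPRequestHandler):
    """Constructed stand-in, not Keycloak: three paths redirect to /auth/,
    /slow answers 200 after one second, everything else answers 200."""
    def do_GET(self):
        if self.path == "/slow":
            time.sleep(1.0)
        redirect = self.path in ("/", "/auth", "/index.html")
        self.send_response(302 if redirect else 200)
        if redirect:
            self.send_header("Location", "/auth/")
        self.send_header("Content-Length", "0")
        self.end_headers()
    def log_message(self, *args): pass  # keep the demo output quiet

def probe(host, port, path, timeout_s, matcher=(200,)):
    """One check as a load balancer evaluates it: a single GET, redirects
    not followed, status compared to the matcher, hard response timeout."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout_s)
    try:
        conn.request("GET", path)
        status = conn.getresponse().status
        return ("healthy" if status in matcher else "unhealthy", status)
    except OSError:  # includes the socket timeout
        return ("unhealthy", None)
    finally:
        conn.close()

def run_demo():
    server = ThreadingHTTPServer(("127.0.0.1", 0), FakeKeycloak)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    host, port = server.server_address[:2]
    results = {
        "redirecting path": probe(host, port, "/", 2.0),
        "discovery path": probe(host, port, OIDC, 2.0),
        "slow, 0.3 s timeout": probe(host, port, "/slow", 0.3),
        "slow, 3 s timeout": probe(host, port, "/slow", 3.0),
    }
    server.shutdown()
    server.server_close()
    return results

if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name}: {outcome}")
```

A client that follows redirects, as Postman does by default, would report 200 for the first path, which is why a manual request can look fine while the check fails.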