ali1
January 23, 2024, 3:18pm
1
Hello Everyone!
I’m struggling with the deployment of Keycloak with a MySQL database.
The Keycloak server does boot up but the browser does not get a response.
# Compose file as posted in the question, with indentation restored. The
# values are the asker's originals (Keycloak boots, the browser gets no
# response), so read this as the "before" state, not a working setup.
version: '3.9'

services:
  mysql:
    image: mysql:8.0
    restart: unless-stopped
    ports:
      # Publishes MySQL on host port 3309 on every host interface. Keycloak
      # itself does not use this mapping: KC_DB_URL points at
      # 192.168.1.2:3306 on the compose network.
      - "3309:3306"
    environment:
      # Guessable credentials hard-coded in the file; tolerable only for a
      # throwaway local stack.
      MYSQL_ROOT_PASSWORD: root
      MYSQL_USER: keycloak
      MYSQL_PASSWORD: keycloak
      # NOTE(review): "Preformatted text" looks like a forum-editor
      # placeholder pasted into the value; as written it does not match the
      # "keycloak" schema named in KC_DB_URL.
      MYSQL_DATABASE: keycloakPreformatted text
    networks:
      migration-keycloak-and-mysql-network:
        ipv4_address: 192.168.1.2

  keycloak:
    image: quay.io/keycloak/keycloak:23.0.4
    # Runs the container process as root. NOTE(review): presumably so that
    # keytool can write into /opt/keycloak/conf -- confirm it is needed.
    user: root
    environment:
      # Bootstrap admin account with a guessable password; test use only.
      KEYCLOAK_ADMIN: admin
      KEYCLOAK_ADMIN_PASSWORD: admin
      KC_DB: "mysql"
      KC_DB_URL: 'jdbc:mysql://192.168.1.2:3306/keycloak'
      # Keycloak logs in to MySQL as root although a dedicated "keycloak"
      # account is declared on the mysql service (least privilege).
      KC_DB_USERNAME: root
      KC_DB_PASSWORD: root
      # NOTE(review): the documented variable is KC_HOSTNAME; this mixed-case
      # spelling is probably ignored. The same value is passed again as
      # --hostname on the command line below.
      KC_Hostname: localhost
      KC_HTTPS_KEY_STORE_PASSWORD: secret
    entrypoint: /bin/bash
    # Creates a self-signed RSA key pair in conf/server.keystore, prints the
    # effective configuration, then runs "kc.sh start". The key and store
    # passwords are passed as plain command-line arguments.
    command: -c "cd /opt/keycloak/conf && keytool -genkeypair -alias localhost -keyalg RSA -keysize 2048 -validity 365 -keystore server.keystore -dname 'cn=Server Administrator,o=Acme,c=GB' -keypass secret -storepass secret && cd ../bin/ && ./kc.sh show-config && ./kc.sh start --log-level=INFO --hostname=localhost"
    ports:
      # Only the plain-HTTP port is published. NOTE(review): with "start"
      # (production mode) Keycloak serves HTTPS on 8443 by default, and that
      # port is not mapped here.
      - "8080:8080"
    restart: unless-stopped
    networks:
      migration-keycloak-and-mysql-network:
        ipv4_address: 192.168.1.3
    depends_on:
      # Short form: only orders container start-up.
      - mysql

networks:
  migration-keycloak-and-mysql-network:
    ipam:
      config:
        # Fixed subnet so both services can use static addresses.
        - subnet: 192.168.1.0/24
          gateway: 192.168.1.1
What am I doing wrong?
Thanks a lot!
Ali
Hi Ali
There are several errors in your docker compose file:
mysql container:
mysql port mapping: should be 3306:3306
MYSQL_DATABASE: keycloak
KC_DB_USERNAME: keycloak
KC_DB_PASSWORD: keycloak
keycloak container:
when running keycloak with https, you should also map the port 8443:8443
Then I found out that there is also a timing issue: a plain depends_on on mysql only waits for the container to start, not for the database to accept connections, so it is not enough. Instead, I implemented a health check found here: A better Docker MySQL heathcheck | Strangebuzz.
This ends up in this modified docker compose:
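# Keycloak 23 + MySQL 8 for a localhost-only test stack (indentation
# restored). Changes from the posted version are marked "CHANGED" below.
# All passwords here are placeholders for local testing; supply real ones
# from an env file or a secret store for anything else.
version: '3.9'

services:
  mysql:
    image: mysql:8.0
    restart: unless-stopped
    ports:
      # CHANGED: published on loopback only. Keycloak reaches the database
      # over the compose network (KC_DB_URL), so the host mapping is only a
      # convenience for local tools and need not be reachable from the LAN.
      - "127.0.0.1:3306:3306"
    environment:
      MYSQL_ROOT_PASSWORD: root
      MYSQL_USER: keycloak
      MYSQL_PASSWORD: keycloak
      MYSQL_DATABASE: keycloak
    healthcheck:
      # Reports healthy once mysqladmin prints "mysqld is alive". The root
      # password is repeated literally here, so keep it in sync with
      # MYSQL_ROOT_PASSWORD above.
      test: ["CMD-SHELL", "mysqladmin ping -P 3306 -proot | grep 'mysqld is alive' || exit 1"]
      interval: 10s
      timeout: 30s
      retries: 10
    networks:
      migration-keycloak-and-mysql-network:
        ipv4_address: 192.168.1.2

  keycloak:
    image: quay.io/keycloak/keycloak:23.0.4
    # Runs the container process as root. NOTE(review): presumably so that
    # keytool can write into /opt/keycloak/conf -- confirm it is needed and
    # drop it if the image's default user can write there.
    user: root
    environment:
      # Bootstrap admin account with a guessable password; test use only.
      KEYCLOAK_ADMIN: admin
      KEYCLOAK_ADMIN_PASSWORD: admin
      KC_DB: "mysql"
      KC_DB_URL: 'jdbc:mysql://192.168.1.2:3306/keycloak'
      # Dedicated database account rather than MySQL root.
      KC_DB_USERNAME: keycloak
      KC_DB_PASSWORD: keycloak
      # CHANGED: was spelled "KC_Hostname"; the documented variable name is
      # upper-case. Same value as --hostname in the command below.
      KC_HOSTNAME: localhost
      # Must match the -storepass value given to keytool below.
      KC_HTTPS_KEY_STORE_PASSWORD: secret
    entrypoint: /bin/bash
    # Creates a self-signed key pair in conf/server.keystore, prints the
    # effective configuration, then runs "kc.sh start".
    # CHANGED: keytool now runs only when server.keystore is missing.
    # keytool -genkeypair refuses to overwrite an existing alias, so with
    # "restart: unless-stopped" a restarted container would otherwise fail
    # at this step and never reach kc.sh.
    command:
      - "-c"
      - >-
        cd /opt/keycloak/conf &&
        { [ -f server.keystore ] ||
        keytool -genkeypair -alias localhost -keyalg RSA -keysize 2048
        -validity 365 -keystore server.keystore
        -dname 'cn=Server Administrator,o=Acme,c=GB'
        -keypass secret -storepass secret; } &&
        cd ../bin/ &&
        ./kc.sh show-config &&
        ./kc.sh start --log-level=INFO --hostname=localhost
    ports:
      # CHANGED: loopback only, matching --hostname=localhost. Remove the
      # 127.0.0.1 prefix only after replacing the admin/admin credentials
      # and the self-signed certificate.
      - "127.0.0.1:8080:8080"
      - "127.0.0.1:8443:8443"
    restart: unless-stopped
    networks:
      migration-keycloak-and-mysql-network:
        ipv4_address: 192.168.1.3
    depends_on:
      # Long form: wait until the mysql healthcheck passes, not merely until
      # the container has been started.
      mysql:
        condition: service_healthy

networks:
  migration-keycloak-and-mysql-network:
    ipam:
      config:
        # Fixed subnet so both services can use static addresses.
        # NOTE(review): 192.168.1.0/24 is a very common LAN range; pick
        # another private range if the host's own network uses it.
        - subnet: 192.168.1.0/24
          gateway: 192.168.1.1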
There are still many things in this compose file that look strange to me, but at least it works when accessing Keycloak at https://localhost:8443/ with these modifications.
Kind regards, Stefan