Connection refused when trying to connect to postgres driver running inside keycloak

I’m trying to start up keycloak version 26 running inside keycloak running inside a docker container, and it should run independently without an external postgres, but it’s showing connection refused, though it also shows that the service on port 5432, which is the db, has started.

# Use the official Keycloak image as base
FROM quay.io/keycloak/keycloak:26.0.0
    ENV KC_HEALTH_ENABLED=true \
    KC_METRICS_ENABLED=true \
    KC_HTTP_ENABLED=true \
    DB_VENDOR=postgres \
    DB_ADDR=host.docker.internal \
    DB_DATABASE=keycloak \
    DB_USER=keycloak \
    DB_PASSWORD=keycloakdbpass \
    KEYCLOAK_ADMIN=admin \
    KEYCLOAK_ADMIN_PASSWORD=xxxx \
    KC_DB_URL=jdbc:postgresql://xxxx/keycloak \
    KEYCLOAK_ALLOW_SCRIPT_UPLOAD=true 
EXPOSE 8080 9000

# Copy import and theme files into the container
COPY ./import/master-realm.json /opt/keycloak/data/import/master-realm.json
COPY ./custom /opt/keycloak/themes/custom

#Copy full path
COPY keycloak.conf ./opt/keycloak/conf
ENTRYPOINT [ "/opt/keycloak/bin/kc.sh", "start", "--import-realm" , "--overwrite_realm", "--db=postgres"] 

keycloak.conf

db=postgres
db-username=keycloak
db-password=xxxx
db-schema=public
db-migration=update
db-url=jdbc:postgresql://localhost/keycloak
health-enabled=true
metrics-enabled=true

^C2025-02-04 01:50:10,789 WARN  [io.quarkus.config] (main) Unrecognized configuration key "quarkus.smallrye-health.extensions.enabled" was provided; it will be ignored; verify that the dependency extension for this configuration is set or that you did not make a typo
2025-02-04 01:50:19,814 WARN  [io.agroal.pool] (agroal-11) Datasource '<default>': Connection to localhost:5432 refused. Check that the hostname and port are correct and that the postmaster is accepting TCP/IP connections.
2025-02-04 01:50:19,816 WARN  [org.hibernate.engine.jdbc.spi.SqlExceptionHelper] (JPA Startup Thread) SQL Error: 0, SQLState: 08001
2025-02-04 01:50:19,816 ERROR [org.hibernate.engine.jdbc.spi.SqlExceptionHelper] (JPA Startup Thread) Connection to localhost:5432 refused. Check that the hostname and port are correct and that the postmaster is accepting TCP/IP connections.
2025-02-04 01:50:19,816 WARN  [org.hibernate.engine.jdbc.env.internal.JdbcEnvironmentInitiator] (JPA Startup Thread) HHH000342: Could not obtain connection to query metadata: org.hibernate.exception.JDBCConnectionException: unable to obtain isolated JDBC connection [Connection to localhost:5432 refused. Check that the hostname and port are correct and that the postmaster is accepting TCP/IP connections.] [n/a]
        at org.hibernate.exception.internal.SQLStateConversionDelegate.convert(SQLStateConversionDelegate.java:100)
        at org.hibernate.exception.internal.StandardSQLExceptionConverter.convert(StandardSQLExceptionConverter.java:58)
        at org.hibernate.engine.jdbc.spi.SqlExceptionHelper.convert(SqlExceptionHelper.java:108)
        at org.hibernate.engine.jdbc.spi.SqlExceptionHelper.convert(SqlExceptionHelper.java:94)
        at org.hibernate.resource.transaction.backend.jta.internal.JtaIsolationDelegate.doTheWork(JtaIsolationDelegate.java:202)
        at org.hibernate.resource.transaction.backend.jta.internal.JtaIsolationDelegate.lambda$delegateWork$3(JtaIsolationDelegate.java:91)
        at org.hibernate.resource.transaction.backend.jta.internal.JtaIsolationDelegate.doInSuspendedTransaction(JtaIsolationDelegate.java:123)
        at org.hibernate.resource.transaction.backend.jta.internal.JtaIsolationDelegate.delegateWork(JtaIsolationDelegate.java:88)
        at org.hibernate.engine.jdbc.env.internal.JdbcEnvironmentInitiator.getJdbcEnvironmentUsingJdbcMetadata(JdbcEnvironmentInitiator.java:320)
        at org.hibernate.engine.jdbc.env.internal.JdbcEnvironmentInitiator.initiateService(JdbcEnvironmentInitiator.java:129)
        at org.hibernate.engine.jdbc.env.internal.JdbcEnvironmentInitiator.initiateService(JdbcEnvironmentInitiator.java:81)
        at 

Caused by: java.net.ConnectException: Connection refused
        at java.base/sun.nio.ch.Net.pollConnect(Native Method)
        at java.base/sun.nio.ch.Net.pollConnectNow(Net.java:682)
        at java.base/sun.nio.ch.NioSocketImpl.timedFinishConnect(NioSocketImpl.java:542)
        at java.base/sun.nio.ch.NioSocketImpl.connect(NioSocketImpl.java:592)
        at java.base/java.net.SocksSocketImpl.connect(SocksSocketImpl.java:327)
        at java.base/java.net.Socket.connect(Socket.java:751)
        at org.postgresql.core.PGStream.createSocket(PGStream.java:260)
        at org.postgresql.core.PGStream.<init>(PGStream.java:121)
        at org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:140)
        at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:268)
        ... 12 more

^C2025-02-04 01:50:21,461 WARN  [io.agroal.pool] (agroal-11) Datasource '<default>': Connection to localhost:5432 refused. Check that the hostname and port are correct and that the postmaster is accepting TCP/IP connections.
2025-02-04 01:50:21,462 INFO  [com.arjuna.ats.jbossatx] (main) ARJUNA032014: Stopping transaction recovery manager
2025-02-04 01:50:21,596 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: Failed to start server in (production) mode

The above shows parts of the log files, and the goal here is to make use of the postgres internal database.

Hello @Norma, looking at your ContainerFile, I think you should probably have a look at the following documentation:

All the configuration you have in the keycloak.conf file you’re copying into the image should be set by environment variables (see the 2nd link). The documentation never mentions this keycloak.conf file when running keycloak in a container.

Additionally to what @skydrinker-tox says:

  • You have a wild mixture of config options and completely outdated and/or invalid environment variables, which lets me assume you have not read the documentation at all but have only copied “something” from bad and old Medium blog posts.
  • You have doubled some config values, without telling (or without knowing) why, or for which purpose.

One can use whichever way of configuration he/she likes; it’s not dependent on the way one runs Keycloak, see Configuring Keycloak - Keycloak. There’s a hierarchy between the various options.
However, the env-way is one of the most used ways in a containerized Keycloak environment. But I also already saw configurations of conf file, env vars and CLI args, if it makes sense (and only then, don’t mix it up, just because because!).


What should postgres internal database be? The keycloak container does not supply an internal postgres database; you need to run it separately (and then use the correct hostname to access it).

Yeah, I realized it now. I don’t know what craziness I was thinking, because I was running it directly with docker run, with no other supporting postgres server running. So that means I must use a postgres container, but is it also possible to use postgresql installed on the Linux system while it’s running on localhost?
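
The setup the replies describe, as an added example that is not from the original posts: Postgres runs as its own container, Keycloak is configured only through `KC_*` environment variables, and the JDBC URL uses the database's service name, because `localhost` inside the Keycloak container is the Keycloak container itself. The service names, the `postgres:16` tag, the `pgdata` volume and the `KC_DB_PASSWORD` / `KC_ADMIN_PASSWORD` shell variables are assumptions; passwords come from the environment at run time rather than from `ENV` lines baked into image layers.

```yaml
# docker-compose.yml (constructed example; names marked "assumption" are not from the thread)
services:
  postgres:                      # assumption: service name, also the DNS name on the compose network
    image: postgres:16           # assumption: any supported PostgreSQL version
    environment:
      POSTGRES_DB: keycloak
      POSTGRES_USER: keycloak
      # Fails fast if the variable is unset instead of starting with an empty password.
      POSTGRES_PASSWORD: ${KC_DB_PASSWORD:?set KC_DB_PASSWORD}
    volumes:
      - pgdata:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U keycloak -d keycloak"]
      interval: 5s
      timeout: 3s
      retries: 12
    # No "ports:" entry: 5432 is reachable only from containers on this network.

  keycloak:
    image: quay.io/keycloak/keycloak:26.0.0
    # The image's entrypoint is already kc.sh; only the sub-command and flags go here.
    command: ["start", "--import-realm"]
    depends_on:
      postgres:
        condition: service_healthy   # wait until Postgres accepts connections
    environment:
      KC_DB: postgres
      # Host part is the service name above, not localhost.
      KC_DB_URL: jdbc:postgresql://postgres:5432/keycloak
      KC_DB_USERNAME: keycloak
      KC_DB_PASSWORD: ${KC_DB_PASSWORD:?set KC_DB_PASSWORD}
      KC_HEALTH_ENABLED: "true"
      KC_METRICS_ENABLED: "true"
      KC_HTTP_ENABLED: "true"
      # Assumption: local test over plain HTTP, so "start" does not demand a fixed hostname.
      KC_HOSTNAME_STRICT: "false"
      # Keycloak 26 names for the initial admin account.
      KC_BOOTSTRAP_ADMIN_USERNAME: admin
      KC_BOOTSTRAP_ADMIN_PASSWORD: ${KC_ADMIN_PASSWORD:?set KC_ADMIN_PASSWORD}
    volumes:
      - ./import:/opt/keycloak/data/import:ro
      - ./custom:/opt/keycloak/themes/custom:ro
    ports:
      - "8080:8080"
      - "9000:9000"              # management port for health and metrics

volumes:
  pgdata:
```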