Running Keycloak in docker container throwing error

Hi,

I am facing an issue running Keycloak in a Docker container. Following the guide "Running Keycloak in a container - Keycloak", I tried to run it on Ubuntu 20.04, but I am getting this error:

2024-06-17 07:39:08,874 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: Failed to start server in (production) mode
2024-06-17 07:39:08,874 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) Error details:: java.lang.RuntimeException: Failed to obtain JDBC connection
at org.keycloak.quarkus.runtime.storage.database.jpa.AbstractJpaConnectionProviderFactory.getConnection(AbstractJpaConnectionProviderFactory.java:56)
at org.keycloak.quarkus.runtime.storage.legacy.database.QuarkusJpaConnectionProviderFactory.postInit(QuarkusJpaConnectionProviderFactory.java:110)
at org.keycloak.quarkus.runtime.integration.QuarkusKeycloakSessionFactory.init(QuarkusKeycloakSessionFactory.java:105)
at org.keycloak.quarkus.runtime.integration.jaxrs.QuarkusKeycloakApplication.createSessionFactory(QuarkusKeycloakApplication.java:64)
at org.keycloak.services.resources.KeycloakApplication.startup(KeycloakApplication.java:91)
at org.keycloak.quarkus.runtime.integration.jaxrs.QuarkusKeycloakApplication.onStartupEvent(QuarkusKeycloakApplication.java:51)
at org.keycloak.quarkus.runtime.integration.jaxrs.QuarkusKeycloakApplication_Observer_onStartupEvent_GNZ8m5QenZ9h9VNelo7awjUZFDE.notify(Unknown Source)
at io.quarkus.arc.impl.EventImpl$Notifier.notifyObservers(EventImpl.java:346)
at io.quarkus.arc.impl.EventImpl$Notifier.notify(EventImpl.java:328)
at io.quarkus.arc.impl.EventImpl.fire(EventImpl.java:82)
at io.quarkus.arc.runtime.ArcRecorder.fireLifecycleEvent(ArcRecorder.java:155)
at io.quarkus.arc.runtime.ArcRecorder.handleLifecycleEvents(ArcRecorder.java:106)
at io.quarkus.deployment.steps.LifecycleEventsBuildStep$startupEvent1144526294.deploy_0(Unknown Source)
at io.quarkus.deployment.steps.LifecycleEventsBuildStep$startupEvent1144526294.deploy(Unknown Source)
at io.quarkus.runner.ApplicationImpl.doStart(Unknown Source)
at io.quarkus.runtime.Application.start(Application.java:101)
at io.quarkus.runtime.ApplicationLifecycleManager.run(ApplicationLifecycleManager.java:111)
at io.quarkus.runtime.Quarkus.run(Quarkus.java:71)
at org.keycloak.quarkus.runtime.KeycloakMain.start(KeycloakMain.java:139)
at org.keycloak.quarkus.runtime.cli.command.AbstractStartCommand.run(AbstractStartCommand.java:35)
at picocli.CommandLine.executeUserObject(CommandLine.java:2026)
at picocli.CommandLine.access$1500(CommandLine.java:148)
at picocli.CommandLine$RunLast.executeUserObjectOfLastSubcommandWithSameParent(CommandLine.java:2461)
at picocli.CommandLine$RunLast.handle(CommandLine.java:2453)
at picocli.CommandLine$RunLast.handle(CommandLine.java:2415)
at picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:2273)
at picocli.CommandLine$RunLast.execute(CommandLine.java:2417)
at picocli.CommandLine.execute(CommandLine.java:2170)
at org.keycloak.quarkus.runtime.cli.Picocli.parseAndRun(Picocli.java:119)
at org.keycloak.quarkus.runtime.KeycloakMain.main(KeycloakMain.java:99)
at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103)
at java.base/java.lang.reflect.Method.invoke(Method.java:580)
at io.quarkus.bootstrap.runner.QuarkusEntryPoint.doRun(QuarkusEntryPoint.java:62)
at io.quarkus.bootstrap.runner.QuarkusEntryPoint.main(QuarkusEntryPoint.java:33)
Caused by: org.postgresql.util.PSQLException: Connection to localhost:5432 refused. Check that the hostname and port are correct and that the postmaster is accepting TCP/IP connections.
at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:346)
at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:54)
at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:273)
at org.postgresql.Driver.makeConnection(Driver.java:446)
at org.postgresql.Driver.connect(Driver.java:298)
at io.agroal.pool.ConnectionFactory.createConnection(ConnectionFactory.java:225)
at io.agroal.pool.ConnectionPool$CreateConnectionTask.call(ConnectionPool.java:545)
at io.agroal.pool.ConnectionPool$CreateConnectionTask.call(ConnectionPool.java:526)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:317)
at io.agroal.pool.util.PriorityScheduledExecutor.beforeExecute(PriorityScheduledExecutor.java:75)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
at java.base/java.lang.Thread.run(Thread.java:1583)
Caused by: java.net.ConnectException: Connection refused
at java.base/sun.nio.ch.Net.pollConnect(Native Method)
at java.base/sun.nio.ch.Net.pollConnectNow(Net.java:682)
at java.base/sun.nio.ch.NioSocketImpl.timedFinishConnect(NioSocketImpl.java:542)
at java.base/sun.nio.ch.NioSocketImpl.connect(NioSocketImpl.java:592)
at java.base/java.net.SocksSocketImpl.connect(SocksSocketImpl.java:327)
at java.base/java.net.Socket.connect(Socket.java:751)
at org.postgresql.core.PGStream.createSocket(PGStream.java:243)
at org.postgresql.core.PGStream.<init>(PGStream.java:98)
at org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:136)
at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:262)
… 12 more

I even tried to add the PostgreSQL driver postgresql-42.7.3.jar by adding the following before the keytool command: ADD --chown=keycloak:keycloak --chmod=644 postgresql-42.7.3.jar /opt/keycloak/providers/myprovider.jar. The same error is thrown and the container exits.

Please suggest.

Please make sure to put logs into a preformatted text/code block.

As the exception tells you, your database is misconfigured. Unfortunately you didn’t provide your configuration.

Guessing from

Caused by: org.postgresql.util.PSQLException: Connection to localhost:5432 refused. Check that the hostname and port are correct and that the postmaster is accepting TCP/IP connections.

it seems like you used localhost. This is not going to work, as localhost in the container is local to the container's network namespace.
Depending on how you provisioned Postgres, you'll need that hostname (docker compose container name, host.docker.internal, …).
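
The point about the container's network namespace, shown as a Compose file. This is an added example, not part of the original posts or of the Keycloak documentation; the service names, database name, volume name and `postgres:16` tag are assumptions, and `mykeycloak` is the image name used in the thread.

```yaml
# Added example (constructed). Keycloak reaches Postgres by its Compose service
# name; "localhost" inside the keycloak container would be that container itself.
services:
  postgres:
    image: postgres:16                     # assumed tag
    environment:
      POSTGRES_DB: keycloak                # assumed database name
      POSTGRES_USER: keycloak
      # Fails fast if the variable is unset instead of starting with an empty password.
      POSTGRES_PASSWORD: ${KC_DB_PASSWORD:?set KC_DB_PASSWORD in the shell or .env}
    volumes:
      - pgdata:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U keycloak -d keycloak"]
      interval: 5s
      timeout: 3s
      retries: 10
    # No "ports:" entry: the database is reachable only on the Compose network,
    # not from the host or the VM's external interface.

  keycloak:
    image: mykeycloak                      # image built from the Dockerfile in the thread
    command: ["start", "--optimized"]
    depends_on:
      postgres:
        condition: service_healthy         # wait until Postgres accepts connections
    environment:
      # Runtime values override the ENV lines baked into the image.
      KC_DB_URL: jdbc:postgresql://postgres:5432/keycloak
      KC_DB_USERNAME: keycloak
      KC_DB_PASSWORD: ${KC_DB_PASSWORD:?set KC_DB_PASSWORD in the shell or .env}
      KEYCLOAK_ADMIN: admin
      KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:?set KEYCLOAK_ADMIN_PASSWORD}
    ports:
      - "8443:8443"

volumes:
  pgdata:
```

Passing the passwords at run time keeps them out of the image layers, where an `ENV KC_DB_PASSWORD=...` line in a Dockerfile stays readable to anyone who can pull the image.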

Hi,

Thanks for your response. Earlier I was not running Postgres and directly tried to run Keycloak in a Docker container with the command below:

docker run --name mykeycloak -p 8443:8443 \
        -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=change_me \
        mykeycloak \
        start --optimized

Now I tried running Postgres in a Docker container and running the same code. Though it shows as running, I am not able to access https://VMIP:8443; I get an empty response in the web page.
Below is the output of the above command:

ubuntu@ip-VMPRIVATEIP:~/Software/keycloak_test$ docker run --name mykeycloak -p 8443:8443 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=change_me --rm mykeycloak start-dev --optimized --verbose
Unknown option: '--optimized'
Try 'kc.sh start-dev --help' for more information on the available options.
ubuntu@ip-VMPRIVATEIP:~/Software/keycloak_test$ docker run --name mykeycloak -p 8080:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=change_me --rm mykeycloak start-dev --optimized --verbose
Unknown option: '--optimized'
Try 'kc.sh start-dev --help' for more information on the available options.
ubuntu@ip-10-42-8-32:~/Software/keycloak_test$ docker run --name mykeycloak -p 8443:8443 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=change_me --rm mykeycloak start --optimized --verbose
2024-06-19 06:44:03,940 INFO  [org.infinispan.CONTAINER] (ForkJoinPool.commonPool-worker-1) ISPN000556: Starting user marshaller 'org.infinispan.jboss.marshalling.core.JBossUserMarshaller'
2024-06-19 06:44:04,180 INFO  [org.infinispan.CLUSTER] (ForkJoinPool.commonPool-worker-1) ISPN000088: Unable to use any JGroups configuration mechanisms provided in properties {}. Using default JGroups configuration!
2024-06-19 06:44:04,343 INFO  [org.infinispan.CLUSTER] (ForkJoinPool.commonPool-worker-1) ISPN000078: Starting JGroups channel `ISPN`
2024-06-19 06:44:04,344 INFO  [org.jgroups.JChannel] (ForkJoinPool.commonPool-worker-1) local_addr: 62a45d09-0d78-4fbd-a32f-bbfaa9dbeeb9, name: 1adde09c504f-25035
2024-06-19 06:44:04,350 WARN  [org.jgroups.protocols.UDP] (ForkJoinPool.commonPool-worker-1) JGRP000015: the send buffer of socket MulticastSocket was set to 1MB, but the OS only allocated 212.99KB
2024-06-19 06:44:04,353 WARN  [org.jgroups.protocols.UDP] (ForkJoinPool.commonPool-worker-1) JGRP000015: the receive buffer of socket MulticastSocket was set to 20MB, but the OS only allocated 212.99KB
2024-06-19 06:44:04,353 WARN  [org.jgroups.protocols.UDP] (ForkJoinPool.commonPool-worker-1) JGRP000015: the send buffer of socket MulticastSocket was set to 1MB, but the OS only allocated 212.99KB
2024-06-19 06:44:04,354 WARN  [org.jgroups.protocols.UDP] (ForkJoinPool.commonPool-worker-1) JGRP000015: the receive buffer of socket MulticastSocket was set to 25MB, but the OS only allocated 212.99KB
2024-06-19 06:44:04,361 INFO  [org.jgroups.protocols.FD_SOCK2] (ForkJoinPool.commonPool-worker-1) server listening on *.34510
2024-06-19 06:44:05,280 INFO  [org.keycloak.broker.provider.AbstractIdentityProviderMapper] (main) Registering class org.keycloak.broker.provider.mappersync.ConfigSyncEventListener
2024-06-19 06:44:06,386 INFO  [org.jgroups.protocols.pbcast.GMS] (ForkJoinPool.commonPool-worker-1) 1adde09c504f-25035: no members discovered after 2010 ms: creating cluster as coordinator
2024-06-19 06:44:06,393 INFO  [org.infinispan.CLUSTER] (ForkJoinPool.commonPool-worker-1) ISPN000094: Received new cluster view for channel ISPN: [1adde09c504f-25035|0] (1) [1adde09c504f-25035]
2024-06-19 06:44:06,411 INFO  [org.infinispan.CLUSTER] (ForkJoinPool.commonPool-worker-1) ISPN000079: Channel `ISPN` local address is `1adde09c504f-25035`, physical addresses are `[172.17.0.3:50046]`
2024-06-19 06:44:06,909 INFO  [org.keycloak.connections.infinispan.DefaultInfinispanConnectionProviderFactory] (main) Node name: 1adde09c504f-25035, Site name: null
2024-06-19 06:44:07,987 INFO  [io.quarkus] (main) Keycloak 25.0.0 on JVM (powered by Quarkus 3.8.5) started in 8.387s. Listening on: https://0.0.0.0:8443. Management interface listening on https://0.0.0.0:9000.
2024-06-19 06:44:07,988 INFO  [io.quarkus] (main) Profile prod activated.
2024-06-19 06:44:07,988 INFO  [io.quarkus] (main) Installed features: [agroal, cdi, hibernate-orm, jdbc-postgresql, keycloak, logging-gelf, micrometer, narayana-jta, reactive-routes, resteasy-reactive, resteasy-reactive-jackson, smallrye-context-propagation, smallrye-health, vertx]

I even tried adding --http-enabled=true to the above command, but I am still not able to access Keycloak at http://VMIP:8080.

Below is the response of the above command:

ubuntu@ip-VMPRIVATEIP:~/Software/keycloak_test$ docker run --name mykeycloak -p 8443:8443 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=change_me --rm mykeycloak start --http-enabled=true --optimized --verbose
2024-06-19 06:49:03,469 INFO  [org.infinispan.CONTAINER] (ForkJoinPool.commonPool-worker-1) ISPN000556: Starting user marshaller 'org.infinispan.jboss.marshalling.core.JBossUserMarshaller'
2024-06-19 06:49:03,728 INFO  [org.infinispan.CLUSTER] (ForkJoinPool.commonPool-worker-1) ISPN000088: Unable to use any JGroups configuration mechanisms provided in properties {}. Using default JGroups configuration!
2024-06-19 06:49:03,859 INFO  [org.infinispan.CLUSTER] (ForkJoinPool.commonPool-worker-1) ISPN000078: Starting JGroups channel `ISPN`
2024-06-19 06:49:03,860 INFO  [org.jgroups.JChannel] (ForkJoinPool.commonPool-worker-1) local_addr: 8e4f1bf9-d035-4c74-a2b4-950be0d13558, name: 6c3814611f0c-21990
2024-06-19 06:49:03,865 WARN  [org.jgroups.protocols.UDP] (ForkJoinPool.commonPool-worker-1) JGRP000015: the send buffer of socket MulticastSocket was set to 1MB, but the OS only allocated 212.99KB
2024-06-19 06:49:03,865 WARN  [org.jgroups.protocols.UDP] (ForkJoinPool.commonPool-worker-1) JGRP000015: the receive buffer of socket MulticastSocket was set to 20MB, but the OS only allocated 212.99KB
2024-06-19 06:49:03,865 WARN  [org.jgroups.protocols.UDP] (ForkJoinPool.commonPool-worker-1) JGRP000015: the send buffer of socket MulticastSocket was set to 1MB, but the OS only allocated 212.99KB
2024-06-19 06:49:03,865 WARN  [org.jgroups.protocols.UDP] (ForkJoinPool.commonPool-worker-1) JGRP000015: the receive buffer of socket MulticastSocket was set to 25MB, but the OS only allocated 212.99KB
2024-06-19 06:49:03,880 INFO  [org.jgroups.protocols.FD_SOCK2] (ForkJoinPool.commonPool-worker-1) server listening on *.37386
2024-06-19 06:49:04,377 INFO  [org.keycloak.broker.provider.AbstractIdentityProviderMapper] (main) Registering class org.keycloak.broker.provider.mappersync.ConfigSyncEventListener
2024-06-19 06:49:05,888 INFO  [org.jgroups.protocols.pbcast.GMS] (ForkJoinPool.commonPool-worker-1) 6c3814611f0c-21990: no members discovered after 2004 ms: creating cluster as coordinator
2024-06-19 06:49:05,896 INFO  [org.infinispan.CLUSTER] (ForkJoinPool.commonPool-worker-1) ISPN000094: Received new cluster view for channel ISPN: [6c3814611f0c-21990|0] (1) [6c3814611f0c-21990]
2024-06-19 06:49:05,961 INFO  [org.infinispan.CLUSTER] (ForkJoinPool.commonPool-worker-1) ISPN000079: Channel `ISPN` local address is `6c3814611f0c-21990`, physical addresses are `[172.17.0.3:52922]`
2024-06-19 06:49:06,399 INFO  [org.keycloak.connections.infinispan.DefaultInfinispanConnectionProviderFactory] (main) Node name: 6c3814611f0c-21990, Site name: null
2024-06-19 06:49:07,454 INFO  [io.quarkus] (main) Keycloak 25.0.0 on JVM (powered by Quarkus 3.8.5) started in 8.305s. Listening on: http://0.0.0.0:8080 and https://0.0.0.0:8443. Management interface listening on https://0.0.0.0:9000.
2024-06-19 06:49:07,455 INFO  [io.quarkus] (main) Profile prod activated.
2024-06-19 06:49:07,455 INFO  [io.quarkus] (main) Installed features: [agroal, cdi, hibernate-orm, jdbc-postgresql, keycloak, logging-gelf, micrometer, narayana-jta, reactive-routes, resteasy-reactive, resteasy-reactive-jackson, smallrye-context-propagation, smallrye-health, vertx]

Is it due to the SSL certificate?

Below is my Dockerfile:

FROM quay.io/keycloak/keycloak:latest as builder

# Enable health and metrics support
ENV KC_HEALTH_ENABLED=true
ENV KC_METRICS_ENABLED=true

# Configure a database vendor
ENV KC_DB=postgres

WORKDIR /opt/keycloak

#ADD --chown=keycloak:keycloak --chmod=644 postgresql-42.7.3.jar /opt/keycloak/providers/myprovider.jar

# for demonstration purposes only, please make sure to use proper certificates in production instead
RUN keytool -genkeypair -storepass password -storetype PKCS12 -keyalg RSA -keysize 2048 -dname "CN=server" -alias server -ext "SAN:c=DNS:localhost,IP:127.0.0.1" -keystore conf/server.keystore
RUN /opt/keycloak/bin/kc.sh build

FROM quay.io/keycloak/keycloak:latest
COPY --from=builder /opt/keycloak/ /opt/keycloak/
#COPY keycloak-metrics-spi-2.5.3.jar /opt/keycloak/providers/keycloak-metrics-spi-2.5.3.jar

# change these values to point to a running postgres instance
ENV KC_DB=postgres
ENV KC_DB_URL=jdbc:postgresql://VMPRIVATEIP:5433/keycloak
#ENV KC_DB_URL=jdbc:postgresql://mypostgres/mydatabase
ENV KC_DB_USERNAME=docker_user
ENV KC_DB_PASSWORD=docker_user
ENV KC_HOSTNAME=VMPRIVATEIP
ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]

In the browser, when we access VMIP:8443/admin, it shows: The connection for this site is not secure

VMIP sent an invalid response.

ERR_SSL_PROTOCOL_ERROR

When I tried to run with the following:

docker run --name mykeycloak -p 8080:8080 \
        -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=change_me \
        quay.io/keycloak/keycloak:latest \
        start-dev

While accessing VMIP:8080/admin over HTTP, it throws the error: We are sorry client not found.

Please suggest.