I have been using the `quay.io/keycloak/keycloak:19.0.3-legacy` image with Docker Compose and JHipster. The JHipster application exposes its UI on port 8080, and Keycloak also listens on 8080, so we map Keycloak to another port, say 9080.
The JHipster app talks to Keycloak via service name and port, like so: `keycloak:8080`. All works fine until you try to log in, at which point you get redirected to `keycloak:8080`, which does not exist on the host machine.
To fix this issue, JHipster usually tells Keycloak to run on 9080 inside the container and also publishes it on 9080. Then the JHipster app talks to `keycloak:9080`, and the host machine also sees Keycloak on 9080. In order for the login redirect to work, you have to edit `/etc/hosts` and map `keycloak` to 127.0.0.1.
So far, all good, but I had to use the legacy Keycloak image, which simply ignored the `KC_` environment variables. So `KC_HTTP_PORT=9080` had no effect and Keycloak kept coming up on port 8080. I could not figure out why and did not want to rebuild the Docker image myself. So, as a hack, to get it mapped to 9080, I passed in the JBoss parameter `JAVA_TOOL_OPTIONS: '-Djboss.http.port=9080'`:
```yaml
version: '3'
services:
  keycloak:
    image: quay.io/keycloak/keycloak:19.0.3-legacy
    volumes:
      - ./realms:/tmp/realms
    environment:
      DB_USER: keycloak
      DB_SCHEMA: public
      DB_PASSWORD: password
      KEYCLOAK_USER: admin
      KEYCLOAK_PASSWORD: password
      KEYCLOAK_IMPORT: /tmp/realms/jhipster-realm.json
      KC_SPI_LOGIN_PROTOCOL_OPENID_CONNECT_LEGACY_LOGOUT_REDIRECT_URI: "true"
      KC_HEALTH_ENABLED: "true"
      KC_METRICS_ENABLED: "true"
      # The hack: set the JBoss HTTP port directly, since KC_HTTP_PORT is ignored
      JAVA_TOOL_OPTIONS: '-Djboss.http.port=9080'
    ports:
      # Same port on the host and inside the container
      - 9080:9080
    healthcheck:
      test: 'bash /tmp/realms/keycloak-health-check.sh'
      interval: 5s
      timeout: 5s
      retries: 20
      start_period: 10s
```
The `KC_` variables are still ignored, but this got me unstuck. For the health check I simply used curl against port 9080.
The Docker Compose files from my test hello world project can be seen here: https://github.com/divukman/jhipster-keycloak-2/tree/main/hello_world_keycloak/src/main/docker.
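The redirect problem described above can be checked mechanically. The following is an added example, not code from the original project: it compares the URLs in an OIDC discovery document against the host ports published in the compose file. The realm name `jhipster`, the `/auth` path, both sample documents and the function names are assumptions constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed discovery document for the first setup described above
# (Keycloak on 8080 in the container). Realm name and /auth path are assumed.
BASE = "http://keycloak:8080/auth/realms/jhipster"
SAMPLE_BROKEN = json.dumps({
    "issuer": BASE,
    "authorization_endpoint": BASE + "/protocol/openid-connect/auth",
    "token_endpoint": BASE + "/protocol/openid-connect/token",
    "grant_types_supported": ["authorization_code"],
})
# Same document once Keycloak listens on 9080 inside the container.
SAMPLE_FIXED = SAMPLE_BROKEN.replace(":8080", ":9080")


def published_host_ports(port_mappings):
    """Host-side ports from compose short syntax [IP:]HOST:CONTAINER[/proto].

    Port ranges are not handled; a bare "8080" gets a random host port.
    """
    ports = set()
    for mapping in port_mappings:
        parts = str(mapping).split("/")[0].split(":")
        if len(parts) >= 2:
            ports.add(int(parts[-2]))
    return ports


def unreachable_endpoints(discovery_json, hostname, port_mappings):
    """Return {field: url} for advertised URLs the host browser cannot open."""
    reachable = published_host_ports(port_mappings)
    bad = {}
    for field, value in json.loads(discovery_json).items():
        if not isinstance(value, str):
            continue
        url = urlsplit(value)
        if url.scheme not in ("http", "https"):
            continue
        port = url.port or (443 if url.scheme == "https" else 80)
        if url.hostname != hostname or port not in reachable:
            bad[field] = value
    return bad


if __name__ == "__main__":
    print(unreachable_endpoints(SAMPLE_BROKEN, "keycloak", ["9080:8080"]))
    print(unreachable_endpoints(SAMPLE_FIXED, "keycloak", ["9080:9080"]))
```
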