dasniko/_keycloak-cluster-config.md

## _keycloak-cluster-config.md

      
    Raw
  

              _keycloak-cluster-config.md
            
          
    Keycloak Cluster Configuration (How to) - Legacy Wildfly Distribution!!!

This is a short and simple example on how to build a proper Keycloak cluster, using JDBC_PING as discovery protocol and an NGINX server as reverse proxy.

As this is for legacy Keycloak version (Wildfly based, up until version 17), you can find an example for more current and uptodate versions at this gist here: https://gist.github.com/dasniko/3a57913047af3ca1b6b0a83b294dc1a1


Please see also my video about Keycloak Clustering: http://www.youtube.com/watch?v=P96VQkBBNxU


## docker-compose-cluster.yml
version: '3'

services:
  postgres:
    container_name: kc_db
    image: postgres:latest
    environment:
      POSTGRES_USER: keycloak
      POSTGRES_PASSWORD: password
    ports:
      - 5432:5432

  kc1:
    container_name: kc1
    image: quay.io/keycloak/keycloak:17.0.0-legacy
    environment:
      DB_VENDOR: postgres
      DB_ADDR: postgres
      KEYCLOAK_FRONTEND_URL: "http://localhost:8000/auth/"
      KEYCLOAK_USER: admin
      KEYCLOAK_PASSWORD: admin
      PROXY_ADDRESS_FORWARDING: "true"
      CACHE_OWNERS_COUNT: 2
      CACHE_OWNERS_AUTH_SESSIONS_COUNT: 2
      JGROUPS_DISCOVERY_PROTOCOL: JDBC_PING
      JGROUPS_DISCOVERY_PROPERTIES: "datasource_jndi_name=java:jboss/datasources/KeycloakDS,initialize_sql=\"CREATE TABLE IF NOT EXISTS JGROUPSPING (own_addr varchar(200) NOT NULL, cluster_name varchar(200) NOT NULL, created TIMESTAMP DEFAULT CURRENT_TIMESTAMP, ping_data BYTEA, constraint PK_JGROUPSPING PRIMARY KEY (own_addr, cluster_name))\",remove_all_data_on_view_change=true"
    depends_on:
      - postgres

  kc2:
    container_name: kc2
    image: quay.io/keycloak/keycloak:latest
    environment:
      DB_VENDOR: postgres
      DB_ADDR: postgres
      KEYCLOAK_FRONTEND_URL: "http://localhost:8000/auth/"
      PROXY_ADDRESS_FORWARDING: "true"
      CACHE_OWNERS_COUNT: 2
      CACHE_OWNERS_AUTH_SESSIONS_COUNT: 2
      JGROUPS_DISCOVERY_PROTOCOL: JDBC_PING
      JGROUPS_DISCOVERY_PROPERTIES: "datasource_jndi_name=java:jboss/datasources/KeycloakDS,initialize_sql=\"CREATE TABLE IF NOT EXISTS JGROUPSPING (own_addr varchar(200) NOT NULL, cluster_name varchar(200) NOT NULL, created TIMESTAMP DEFAULT CURRENT_TIMESTAMP, ping_data BYTEA, constraint PK_JGROUPSPING PRIMARY KEY (own_addr, cluster_name))\",remove_all_data_on_view_change=true"
    depends_on:
      - postgres

  lb:
    container_name: kc_lb
    image: nginx:alpine
    volumes:
      - ${PWD}/nginx.conf:/etc/nginx/conf.d/default.conf
    ports:
      - "8000:8000"
    depends_on:
      - kc1
      - kc2

## nginx.conf
upstream backend {
    server kc1:8080 fail_timeout=2s;
    server kc2:8080 fail_timeout=2s;
}

server {
    listen       8000;
    server_name  localhost;

    location / {
        proxy_set_header    Host               $host;
        proxy_set_header    X-Real-IP          $remote_addr;
        proxy_set_header    X-Forwarded-For    $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-Host   $host;
        proxy_set_header    X-Forwarded-Server $host;
        proxy_set_header    X-Forwarded-Port   $server_port;
        proxy_set_header    X-Forwarded-Proto  $scheme;

        proxy_pass              http://backend;
        proxy_connect_timeout   2s;

        proxy_buffer_size          128k;
        proxy_buffers              4 256k;
        proxy_busy_buffers_size    256k;
    }
}
	version: '3'

	services:
	postgres:
	container_name: kc_db
	image: postgres:latest
	environment:
	POSTGRES_USER: keycloak
	POSTGRES_PASSWORD: password
	ports:
	- 5432:5432

	kc1:
	container_name: kc1
	image: quay.io/keycloak/keycloak:17.0.0-legacy
	environment:
	DB_VENDOR: postgres
	DB_ADDR: postgres
	KEYCLOAK_FRONTEND_URL: "http://localhost:8000/auth/"
	KEYCLOAK_USER: admin
	KEYCLOAK_PASSWORD: admin
	PROXY_ADDRESS_FORWARDING: "true"
	CACHE_OWNERS_COUNT: 2
	CACHE_OWNERS_AUTH_SESSIONS_COUNT: 2
	JGROUPS_DISCOVERY_PROTOCOL: JDBC_PING
	JGROUPS_DISCOVERY_PROPERTIES: "datasource_jndi_name=java:jboss/datasources/KeycloakDS,initialize_sql=\"CREATE TABLE IF NOT EXISTS JGROUPSPING (own_addr varchar(200) NOT NULL, cluster_name varchar(200) NOT NULL, created TIMESTAMP DEFAULT CURRENT_TIMESTAMP, ping_data BYTEA, constraint PK_JGROUPSPING PRIMARY KEY (own_addr, cluster_name))\",remove_all_data_on_view_change=true"
	depends_on:
	- postgres

	kc2:
	container_name: kc2
	image: quay.io/keycloak/keycloak:latest
	environment:
	DB_VENDOR: postgres
	DB_ADDR: postgres
	KEYCLOAK_FRONTEND_URL: "http://localhost:8000/auth/"
	PROXY_ADDRESS_FORWARDING: "true"
	CACHE_OWNERS_COUNT: 2
	CACHE_OWNERS_AUTH_SESSIONS_COUNT: 2
	JGROUPS_DISCOVERY_PROTOCOL: JDBC_PING
	JGROUPS_DISCOVERY_PROPERTIES: "datasource_jndi_name=java:jboss/datasources/KeycloakDS,initialize_sql=\"CREATE TABLE IF NOT EXISTS JGROUPSPING (own_addr varchar(200) NOT NULL, cluster_name varchar(200) NOT NULL, created TIMESTAMP DEFAULT CURRENT_TIMESTAMP, ping_data BYTEA, constraint PK_JGROUPSPING PRIMARY KEY (own_addr, cluster_name))\",remove_all_data_on_view_change=true"
	depends_on:
	- postgres

	lb:
	container_name: kc_lb
	image: nginx:alpine
	volumes:
	- ${PWD}/nginx.conf:/etc/nginx/conf.d/default.conf
	ports:
	- "8000:8000"
	depends_on:
	- kc1
	- kc2
	upstream backend {
	server kc1:8080 fail_timeout=2s;
	server kc2:8080 fail_timeout=2s;
	}

	server {
	listen 8000;
	server_name localhost;

	location / {
	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Host $host;
	proxy_set_header X-Forwarded-Server $host;
	proxy_set_header X-Forwarded-Port $server_port;
	proxy_set_header X-Forwarded-Proto $scheme;

	proxy_pass http://backend;
	proxy_connect_timeout 2s;

	proxy_buffer_size 128k;
	proxy_buffers 4 256k;
	proxy_busy_buffers_size 256k;
	}
	}