How to configure a keycloak cluster properly

Keycloak Cluster Configuration (How to)

This is a short, simple example of how to build a proper Keycloak cluster, using JDBC_PING as the discovery protocol and an NGINX server as the reverse proxy.

Please see also my video about Keycloak Clustering: http://www.youtube.com/watch?v=P96VQkBBNxU

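# Two-node Keycloak demo cluster: one shared PostgreSQL database, two Keycloak
# nodes that discover each other through JDBC_PING, and an NGINX load balancer
# published on host port 8000.
#
# The passwords, the plain-HTTP frontend URL and the floating ":latest" image
# tags are demo settings. Replace them (secrets from an env file or a secret
# store, TLS on the load balancer, pinned image tags or digests) before this
# stack is reachable from anything other than localhost.
version: '3'
services:
  postgres:
    container_name: kc_db
    # NOTE(review): ":latest" floats; pin a tag or digest you have tested so a
    # rebuild cannot silently pull a different database release.
    image: postgres:latest
    environment:
      POSTGRES_USER: keycloak
      # Demo password. kc1/kc2 set no DB_USER/DB_PASSWORD, so they presumably
      # rely on image defaults that match these values; change both sides
      # together when you replace it.
      POSTGRES_PASSWORD: password
    ports:
      # Published on loopback only. The Keycloak nodes reach the database as
      # "postgres" over the Compose network (DB_ADDR), so the host mapping is
      # needed only for local inspection and should not listen on every host
      # interface while the password above is guessable.
      - "127.0.0.1:5432:5432"
  kc1:
    container_name: kc1
    # NOTE(review): the variables below (DB_VENDOR, KEYCLOAK_USER,
    # PROXY_ADDRESS_FORWARDING, JGROUPS_DISCOVERY_*) are the ones read by the
    # WildFly-based Keycloak image. ":latest" floats and newer Quarkus-based
    # releases use a different configuration scheme, so pin the image to the
    # release this file was validated against.
    image: quay.io/keycloak/keycloak:latest
    environment:
      DB_VENDOR: postgres
      DB_ADDR: postgres
      # Plain HTTP: credentials, cookies and tokens cross the wire unencrypted.
      # Use an https:// URL with TLS terminated at the proxy outside a local demo.
      KEYCLOAK_FRONTEND_URL: "http://localhost:8000/auth/"
      # Demo admin account (admin/admin). Replace before first start on any
      # shared host; the account is stored in the shared database once created.
      KEYCLOAK_USER: admin
      KEYCLOAK_PASSWORD: admin
      # Makes Keycloak trust the X-Forwarded-* headers it receives. That is
      # only sound while the node is reachable solely through the proxy; this
      # service publishes no host ports, keep it that way.
      PROXY_ADDRESS_FORWARDING: "true"
      # Environment values are strings; quoted so no parser retypes them.
      CACHE_OWNERS_COUNT: "2"
      CACHE_OWNERS_AUTH_SESSIONS_COUNT: "2"
      # Cluster discovery through a table in the Keycloak datasource; the
      # embedded SQL creates that table if it does not exist yet.
      JGROUPS_DISCOVERY_PROTOCOL: JDBC_PING
      JGROUPS_DISCOVERY_PROPERTIES: "datasource_jndi_name=java:jboss/datasources/KeycloakDS,initialize_sql=\"CREATE TABLE IF NOT EXISTS JGROUPSPING (own_addr varchar(200) NOT NULL, cluster_name varchar(200) NOT NULL, created TIMESTAMP DEFAULT CURRENT_TIMESTAMP, ping_data BYTEA, constraint PK_JGROUPSPING PRIMARY KEY (own_addr, cluster_name))\",remove_all_data_on_view_change=true"
    depends_on:
      - postgres
  kc2:
    container_name: kc2
    # NOTE(review): same image caveat as kc1; both nodes should run the same
    # pinned release.
    image: quay.io/keycloak/keycloak:latest
    environment:
      DB_VENDOR: postgres
      DB_ADDR: postgres
      KEYCLOAK_FRONTEND_URL: "http://localhost:8000/auth/"
      # No KEYCLOAK_USER/KEYCLOAK_PASSWORD here: kc1 sets them, and both nodes
      # point at the same database (DB_ADDR: postgres).
      PROXY_ADDRESS_FORWARDING: "true"
      CACHE_OWNERS_COUNT: "2"
      CACHE_OWNERS_AUTH_SESSIONS_COUNT: "2"
      JGROUPS_DISCOVERY_PROTOCOL: JDBC_PING
      JGROUPS_DISCOVERY_PROPERTIES: "datasource_jndi_name=java:jboss/datasources/KeycloakDS,initialize_sql=\"CREATE TABLE IF NOT EXISTS JGROUPSPING (own_addr varchar(200) NOT NULL, cluster_name varchar(200) NOT NULL, created TIMESTAMP DEFAULT CURRENT_TIMESTAMP, ping_data BYTEA, constraint PK_JGROUPSPING PRIMARY KEY (own_addr, cluster_name))\",remove_all_data_on_view_change=true"
    depends_on:
      - postgres
  lb:
    container_name: kc_lb
    # NOTE(review): floating tag; pin a tag or digest you have tested.
    image: nginx:alpine
    volumes:
      # Mounted read-only: the container only needs to read its configuration.
      - "${PWD}/nginx.conf:/etc/nginx/conf.d/default.conf:ro"
    ports:
      - "8000:8000"
    depends_on:
      - kc1
      - kc2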
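# Pool of the two Keycloak nodes. A node that fails is taken out of rotation
# for fail_timeout before it is tried again.
upstream backend {
    server kc1:8080 fail_timeout=2s;
    server kc2:8080 fail_timeout=2s;
}

server {
    # Plain HTTP listener for the local demo. Outside a demo, terminate TLS
    # here (listen ... ssl with a certificate) so credentials and tokens are
    # not sent in clear text.
    listen 8000;
    server_name localhost;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # This proxy is the first hop, so the header is overwritten rather than
        # appended to ($proxy_add_x_forwarded_for): appending would keep any
        # X-Forwarded-For value the client sent, and a backend that trusts the
        # left-most entry would record an address chosen by the client in its
        # logs and brute-force counters. If another trusted proxy sits in front
        # of this one, resolve the client address with the realip module
        # (set_real_ip_from / real_ip_header) instead.
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_pass http://backend;
        # Short connect timeout so requests move on from a dead node quickly.
        proxy_connect_timeout 2s;

        # Enlarged response-header buffers for the proxied responses.
        proxy_buffer_size 128k;
        proxy_buffers 4 256k;
        proxy_busy_buffers_size 256k;
    }
}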