@dasniko
Last active March 11, 2024 06:55
How to configure a Keycloak cluster properly (Quarkus edition)

Keycloak Cluster Configuration (How to)

This is a short and simple example of how to build a proper Keycloak cluster, using DNS_PING as the discovery protocol and an NGINX server as the reverse proxy.

If you prefer to use JDBC_PING, see @xgp's example gist here: https://gist.github.com/xgp/768eea11f92806b9c83f95902f7f8f80


Please see also my video about Keycloak Clustering: http://www.youtube.com/watch?v=P96VQkBBNxU
NOTE: The video covers the JDBC_PING protocol and uses the legacy Keycloak Wildfly distribution!

```yaml
version: '3.8'
services:
  postgres:
    image: postgres:latest
    environment:
      POSTGRES_USER: keycloak
      POSTGRES_PASSWORD: passw0rd
    volumes:
      - pg-data:/var/lib/postgresql/data
  keycloak:
    image: quay.io/keycloak/keycloak:latest
    # DNS_PING resolves this name (the service name) to find the other cluster members
    command: start-dev -Djgroups.dns.query=keycloak
    environment:
      KC_CACHE: ispn
      # the "kubernetes" cache stack uses DNS_PING for discovery
      KC_CACHE_STACK: kubernetes
      KC_DB: postgres
      KC_DB_URL: jdbc:postgresql://postgres:5432/keycloak
      KC_DB_USERNAME: keycloak
      KC_DB_PASSWORD: passw0rd
      KC_PROXY: edge
      KC_HOSTNAME: localhost
      KC_HOSTNAME_PORT: '8000'
      KEYCLOAK_ADMIN: admin
      KEYCLOAK_ADMIN_PASSWORD: admin
    deploy:
      replicas: 2
      # DNS round-robin: the service name resolves to every replica's IP
      endpoint_mode: dnsrr
  lb:
    image: nginx:alpine
    volumes:
      - ./nginx.conf:/etc/nginx/conf.d/default.conf
    ports:
      - "8000:8000"
volumes:
  pg-data:
    name: keycloak-demo-cluster-data
```
```nginx
# nginx.conf, mounted into the lb service as /etc/nginx/conf.d/default.conf
upstream backend {
    ip_hash;  # pin each client IP to the same Keycloak node
    server keycloak-1:8080 fail_timeout=2s;
    server keycloak-2:8080 fail_timeout=2s;
}

server {
    listen 8000;
    server_name localhost;
    access_log off;

    location / {
        # forwarded headers Keycloak reads when running behind the proxy
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_pass http://backend;
        proxy_connect_timeout 2s;
        proxy_buffer_size 128k;
        proxy_buffers 4 256k;
        proxy_busy_buffers_size 256k;
    }
}
```
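
A check for the discovery step this setup depends on, as an added example that is not part of the gist: DNS_PING finds peers by resolving the name passed in `-Djgroups.dns.query`, so a lookup of `keycloak` from inside the compose network has to return one address per replica, and each address has to accept cluster connections. The function names and the JGroups TCP port 7800 are assumptions made for this sketch.

```python
import ipaddress
import socket
import sys

JGROUPS_PORT = 7800  # assumption: default JGroups TCP port of the Keycloak cache stacks


def resolve_members(query, resolver=socket.getaddrinfo):
    """IPv4 addresses returned for `query`, the name given in -Djgroups.dns.query."""
    try:
        infos = resolver(query, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []  # name does not resolve: no peers can be discovered
    return sorted({info[4][0] for info in infos}, key=ipaddress.ip_address)


def port_open(ip, port=JGROUPS_PORT, timeout=2.0):
    """True if a TCP connection to the peer's JGroups port succeeds."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_discovery(query, expected, resolver=socket.getaddrinfo, probe=port_open):
    """Return (status, members, unreachable) for a cluster of `expected` nodes."""
    members = resolve_members(query, resolver)
    unreachable = [ip for ip in members if not probe(ip)]
    if not members:
        status = "FAIL"  # nothing to discover
    elif len(members) < expected or unreachable:
        status = "WARN"  # DNS shows fewer nodes than exist, or a peer port is closed
    else:
        status = "OK"
    return status, members, unreachable


if __name__ == "__main__":
    # usage: python check_discovery.py [dns-name] [expected-node-count]
    name = sys.argv[1] if len(sys.argv) > 1 else "keycloak"
    count = int(sys.argv[2]) if len(sys.argv) > 2 else 2
    status, members, unreachable = check_discovery(name, count)
    print(f"{status}: {name} -> {members}; unreachable on {JGROUPS_PORT}: {unreachable}")
    sys.exit(0 if status == "OK" else 1)
```

Pass the total number of Keycloak nodes as the expected count; a lookup that only returns the replicas of the local compose project reports `WARN`.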
@samorganist

Hello, does anybody know how to share the cache between hosts that run the same docker-compose like in this example?
I have this config:
Server 1 & 2: running docker-compose
External database
Load balancer: switches between the two servers

The cache is shared only on the instances running on the same server, so if you have a solution for this it will be so helpful for me.