dasniko · December 24, 2024 18:02 · Feb 12, 2024 · Oct 9, 2023 · May 13, 2022 · Mar 12, 2022
diff --git a/_keycloak-cluster-config.md b/_keycloak-cluster-config.md
@@ -2,9 +2,7 @@
 
 This is a short and simple example on how to build a proper Keycloak cluster, using `DNS_PING` as discovery protocol and an NGINX server as reverse proxy.
 
-To get it working properly, just enable Docker Swarm mode with `docker swarm init` and just run it as it were a regular Docker Compose deployment.
-So, just `docker compose up` is enough, don't deploy a swarm `stack`! (This would cause trouble and extra complexity with networking)  
-Afterwards, you can disable Swarm again with `docker swarm leave -f`, if needed.
+If you prefer to use JDBC_PING, see @xgp's example gist here: https://gist.github.com/xgp/768eea11f92806b9c83f95902f7f8f80
 
 ---
 

diff --git a/docker-compose-cluster.yml b/docker-compose-cluster.yml
@@ -20,8 +20,8 @@ services:
       KC_DB_USERNAME: keycloak
       KC_DB_PASSWORD: passw0rd
       KC_PROXY: edge
-      KC_HOSTNAME_STRICT: "false"
-      KC_SPI_EVENTS_LISTENER_JBOSS_LOGGING_SUCCESS_LEVEL: info
+      KC_HOSTNAME: localhost
+      KC_HOSTNAME_PORT: "8000"
       KEYCLOAK_ADMIN: admin
       KEYCLOAK_ADMIN_PASSWORD: admin
     deploy:

diff --git a/nginx.con b/nginx.con
@@ -1,21 +1,20 @@
 upstream backend {
+    ip_hash;
     server keycloak-1:8080 fail_timeout=2s;
     server keycloak-2:8080 fail_timeout=2s;
 }
 
 server {
     listen       8000;
     server_name  localhost;
+    access_log   off;
 
     location / {
-        proxy_set_header    Host               $host;
-        proxy_set_header    X-Real-IP          $remote_addr;
         proxy_set_header    X-Forwarded-For    $proxy_add_x_forwarded_for;
+        proxy_set_header    X-Forwarded-Proto  $scheme;
         proxy_set_header    X-Forwarded-Host   $host;
-        proxy_set_header    X-Forwarded-Server $host;
         proxy_set_header    X-Forwarded-Port   $server_port;
-        proxy_set_header    X-Forwarded-Proto  $scheme;
-
+
         proxy_pass              http://backend;
         proxy_connect_timeout   2s;
 

diff --git a/docker-compose-cluster.yml b/docker-compose-cluster.yml
@@ -20,6 +20,7 @@ services:
       KC_DB_USERNAME: keycloak
       KC_DB_PASSWORD: passw0rd
       KC_PROXY: edge
+      KC_HOSTNAME_STRICT: "false"
       KC_SPI_EVENTS_LISTENER_JBOSS_LOGGING_SUCCESS_LEVEL: info
       KEYCLOAK_ADMIN: admin
       KEYCLOAK_ADMIN_PASSWORD: admin

diff --git a/docker-compose-cluster.yml b/docker-compose-cluster.yml
@@ -5,23 +5,22 @@ services:
     image: postgres:latest
     environment:
       POSTGRES_USER: keycloak
-      POSTGRES_PASSWORD: password
+      POSTGRES_PASSWORD: passw0rd
     volumes:
       - pg-data:/var/lib/postgresql/data
 
   keycloak:
     image: quay.io/keycloak/keycloak:latest
-    command: start --auto-build -Djgroups.dns.query=keycloak
+    command: start-dev -Djgroups.dns.query=keycloak
     environment:
       KC_CACHE: ispn
       KC_CACHE_STACK: kubernetes
       KC_DB: postgres
       KC_DB_URL: jdbc:postgresql://postgres:5432/keycloak
       KC_DB_USERNAME: keycloak
-      KC_DB_PASSWORD: password
-      KC_HOSTNAME: localhost:8000
-      KC_HOSTNAME_STRICT: "false"
+      KC_DB_PASSWORD: passw0rd
       KC_PROXY: edge
+      KC_SPI_EVENTS_LISTENER_JBOSS_LOGGING_SUCCESS_LEVEL: info
       KEYCLOAK_ADMIN: admin
       KEYCLOAK_ADMIN_PASSWORD: admin
     deploy:
@@ -37,3 +36,4 @@ services:
 
 volumes:
   pg-data:
+    name: keycloak-demo-cluster-data
diff --git a/docker-compose-cluster.yml b/docker-compose-cluster.yml
@@ -6,8 +6,6 @@ services:
     environment:
       POSTGRES_USER: keycloak
       POSTGRES_PASSWORD: password
-    ports:
-      - "5432:5432"
     volumes:
       - pg-data:/var/lib/postgresql/data
 

diff --git a/nginx.con b/nginx.con
@@ -1,6 +1,6 @@
 upstream backend {
     server keycloak-1:8080 fail_timeout=2s;
-    server keycloak-22:8080 fail_timeout=2s;
+    server keycloak-2:8080 fail_timeout=2s;
 }
 
 server {

diff --git a/_keycloak-cluster-config.md b/_keycloak-cluster-config.md
@@ -1,7 +1,14 @@
 # Keycloak Cluster Configuration (How to)
 
-This is a short and simple example on how to build a proper Keycloak cluster, using `JDBC_PING` as discovery protocol and an NGINX server as reverse proxy.
+This is a short and simple example on how to build a proper Keycloak cluster, using `DNS_PING` as discovery protocol and an NGINX server as reverse proxy.
 
-Please see also my video about Keycloak Clustering: http://www.youtube.com/watch?v=P96VQkBBNxU
+To get it working properly, just enable Docker Swarm mode with `docker swarm init` and just run it as it were a regular Docker Compose deployment.
+So, just `docker compose up` is enough, don't deploy a swarm `stack`! (This would cause trouble and extra complexity with networking)  
+Afterwards, you can disable Swarm again with `docker swarm leave -f`, if needed.
+
+---
+
+Please see also my video about Keycloak Clustering: http://www.youtube.com/watch?v=P96VQkBBNxU  
+NOTE: The video covers `JDBC_PING` protocol and uses the **legacy** Keycloak Wildfly distribution!
 
 [![](http://img.youtube.com/vi/P96VQkBBNxU/maxresdefault.jpg)](http://www.youtube.com/watch?v=P96VQkBBNxU "")
diff --git a/_keycloak-cluster-config.md b/_keycloak-cluster-config.md
@@ -0,0 +1,7 @@
+# Keycloak Cluster Configuration (How to)
+
+This is a short and simple example on how to build a proper Keycloak cluster, using `JDBC_PING` as discovery protocol and an NGINX server as reverse proxy.
+
+Please see also my video about Keycloak Clustering: http://www.youtube.com/watch?v=P96VQkBBNxU
+
+[![](http://img.youtube.com/vi/P96VQkBBNxU/maxresdefault.jpg)](http://www.youtube.com/watch?v=P96VQkBBNxU "")
diff --git a/docker-compose-cluster.yml b/docker-compose-cluster.yml
@@ -0,0 +1,41 @@
+version: '3.8'
+
+services:
+  postgres:
+    image: postgres:latest
+    environment:
+      POSTGRES_USER: keycloak
+      POSTGRES_PASSWORD: password
+    ports:
+      - "5432:5432"
+    volumes:
+      - pg-data:/var/lib/postgresql/data
+
+  keycloak:
+    image: quay.io/keycloak/keycloak:latest
+    command: start --auto-build -Djgroups.dns.query=keycloak
+    environment:
+      KC_CACHE: ispn
+      KC_CACHE_STACK: kubernetes
+      KC_DB: postgres
+      KC_DB_URL: jdbc:postgresql://postgres:5432/keycloak
+      KC_DB_USERNAME: keycloak
+      KC_DB_PASSWORD: password
+      KC_HOSTNAME: localhost:8000
+      KC_HOSTNAME_STRICT: "false"
+      KC_PROXY: edge
+      KEYCLOAK_ADMIN: admin
+      KEYCLOAK_ADMIN_PASSWORD: admin
+    deploy:
+      replicas: 2
+      endpoint_mode: dnsrr
+
+  lb:
+    image: nginx:alpine
+    volumes:
+      - ./nginx.conf:/etc/nginx/conf.d/default.conf
+    ports:
+      - "8000:8000"
+
+volumes:
+  pg-data:
diff --git a/nginx.con b/nginx.con
@@ -0,0 +1,26 @@
+upstream backend {
+    server keycloak-1:8080 fail_timeout=2s;
+    server keycloak-22:8080 fail_timeout=2s;
+}
+
+server {
+    listen       8000;
+    server_name  localhost;
+
+    location / {
+        proxy_set_header    Host               $host;
+        proxy_set_header    X-Real-IP          $remote_addr;
+        proxy_set_header    X-Forwarded-For    $proxy_add_x_forwarded_for;
+        proxy_set_header    X-Forwarded-Host   $host;
+        proxy_set_header    X-Forwarded-Server $host;
+        proxy_set_header    X-Forwarded-Port   $server_port;
+        proxy_set_header    X-Forwarded-Proto  $scheme;
+
+        proxy_pass              http://backend;
+        proxy_connect_timeout   2s;
+
+        proxy_buffer_size          128k;
+        proxy_buffers              4 256k;
+        proxy_busy_buffers_size    256k;
+    }
+}