How to configure a keycloak cluster properly (legacy Wildfly edition)

_keycloak-cluster-config.md

Keycloak Cluster Configuration (How to) - Legacy Wildfly Distribution!!!

This is a short and simple example on how to build a proper Keycloak cluster, using JDBC_PING as discovery protocol and an NGINX server as reverse proxy.

As this is for legacy Keycloak version (Wildfly based, up until version 17), you can find an example for more current and uptodate versions at this gist here: https://gist.github.com/dasniko/3a57913047af3ca1b6b0a83b294dc1a1

---

Please see also my video about Keycloak Clustering: http://www.youtube.com/watch?v=P96VQkBBNxU

docker-compose-cluster.yml

version: '3'

services:
  postgres:
    container_name: kc_db
    image: postgres:latest
    environment:
      POSTGRES_USER: keycloak
      POSTGRES_PASSWORD: password
    ports:
      - 5432:5432

  kc1:
    container_name: kc1
    image: quay.io/keycloak/keycloak:17.0.0-legacy
    environment:
      DB_VENDOR: postgres
      DB_ADDR: postgres
      KEYCLOAK_FRONTEND_URL: "http://localhost:8000/auth/"
      KEYCLOAK_USER: admin
      KEYCLOAK_PASSWORD: admin
      PROXY_ADDRESS_FORWARDING: "true"
      CACHE_OWNERS_COUNT: 2
      CACHE_OWNERS_AUTH_SESSIONS_COUNT: 2
      JGROUPS_DISCOVERY_PROTOCOL: JDBC_PING
      JGROUPS_DISCOVERY_PROPERTIES: "datasource_jndi_name=java:jboss/datasources/KeycloakDS,initialize_sql=\"CREATE TABLE IF NOT EXISTS JGROUPSPING (own_addr varchar(200) NOT NULL, cluster_name varchar(200) NOT NULL, created TIMESTAMP DEFAULT CURRENT_TIMESTAMP, ping_data BYTEA, constraint PK_JGROUPSPING PRIMARY KEY (own_addr, cluster_name))\",remove_all_data_on_view_change=true"
    depends_on:
      - postgres

  kc2:
    container_name: kc2
    image: quay.io/keycloak/keycloak:latest
    environment:
      DB_VENDOR: postgres
      DB_ADDR: postgres
      KEYCLOAK_FRONTEND_URL: "http://localhost:8000/auth/"
      PROXY_ADDRESS_FORWARDING: "true"
      CACHE_OWNERS_COUNT: 2
      CACHE_OWNERS_AUTH_SESSIONS_COUNT: 2
      JGROUPS_DISCOVERY_PROTOCOL: JDBC_PING
      JGROUPS_DISCOVERY_PROPERTIES: "datasource_jndi_name=java:jboss/datasources/KeycloakDS,initialize_sql=\"CREATE TABLE IF NOT EXISTS JGROUPSPING (own_addr varchar(200) NOT NULL, cluster_name varchar(200) NOT NULL, created TIMESTAMP DEFAULT CURRENT_TIMESTAMP, ping_data BYTEA, constraint PK_JGROUPSPING PRIMARY KEY (own_addr, cluster_name))\",remove_all_data_on_view_change=true"
    depends_on:
      - postgres

  lb:
    container_name: kc_lb
    image: nginx:alpine
    volumes:
      - ${PWD}/nginx.conf:/etc/nginx/conf.d/default.conf
    ports:
      - "8000:8000"
    depends_on:
      - kc1
      - kc2

nginx.conf

upstream backend {
    server kc1:8080 fail_timeout=2s;
    server kc2:8080 fail_timeout=2s;
}

server {
    listen       8000;
    server_name  localhost;

    location / {
        proxy_set_header    Host               $host;
        proxy_set_header    X-Real-IP          $remote_addr;
        proxy_set_header    X-Forwarded-For    $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-Host   $host;
        proxy_set_header    X-Forwarded-Server $host;
        proxy_set_header    X-Forwarded-Port   $server_port;
        proxy_set_header    X-Forwarded-Proto  $scheme;

        proxy_pass              http://backend;
        proxy_connect_timeout   2s;

        proxy_buffer_size          128k;
        proxy_buffers              4 256k;
        proxy_busy_buffers_size    256k;
    }
}