Hello. I've successfully spun up keycloak with Teaefik. However only if those services are on the same network and doesn't have some internal subnetworks.
Now i wanted to split those two services to different docker-compose files. In one, i have:
I make it accessible from traefik default network, however only the frontend for security purposes. At this point the Keycloak frontend lives in two networks - local-keycloak (where it connects with it's database) and traefik_default (to be accessible for traefik) as shown here (traefik_default network):
However, in the traefik logs, traefik wants to access an IP attached to keycloak frontend in local-keycloak network
By docker.network you mean setting in static configuration of traefik or rather manually creating / specifying docker network?
I know. I needed to use it to check if some files are present inside the filesystem.
Update: As i read the docker-compose file that you sent, i defined what network should docker create and now i have the same setup but instead of traefik_default as name, it is proxy as the name of the network. Anyway, nothing changed really ald traefik still target wrong IP. Shouldn't i specify the network as label inside of keycloak docker compose file?
I defined the network inside the traefik docker compose file and now i just need to specify the network to join inside second service container (Keycloak in my case):
Inside the "proxy" network i see these containers:
Which is correct. However my issue is that traefik is targeting IP 172.23.0.3:8080 which is the IP of Keycloak but not inside the "proxy" network, but inside the "local-keycloak" network. I want traefik to target 172.22.0.5:8080 so the reachable IP.
I misunderstood what you said by docker.network. Later i noticed there's label traefik.docker.network=proxy which is defining which network traefik should use to target IPs.
So yeah, you were right, and i misunderstood your statement. I'm sorry and also glad that we could solve it! Thank you, @bluepuma77 !
I don't know how but as soon as i started other container that do work perfectly with traefik and i had 0 problems with it, keycloak stopped working behind traefik and now i get:
The IP in the log is targeting Keycloak's IP inside the "proxy" network which is correct and it should be like that. However, Keycloak somehow refuses the connection. Actually, i don't know if the connection is refused by Keycloak itself or there's issue in the configuration again.
Any clue?
PS: I set the traefik.docker.network=proxy inside the service's (Keycloak's) docker compose which is the right way to do it i guess.
(another) UPDATE:
So it works again. Keycloak probably makes fun of me cause it started working out of nowhere. However, after Keycloak docker compose restart, i noticed there's some delay. So it first writes Bad gateway and after couple of seconds it start to work properly. It's probably issue with Keycloak so i'm yet again closing this topic as solved by your first comment.