10

The application context is a Node.js application with a MongoDB database, using a Keycloak server for authorization with OpenID. For the development environment, we have a mongo container, a keycloak container and the application server container.

The Keycloak container has a port mapping on 8080 so that I can access the Keycloak configuration console on http://localhost:8080.

The application container has a port mapping on 9000 to access the application itself on http://localhost:9000.

All 3 containers are inside a Docker network like application_default (started with Docker Compose).

Inside the application, the info needed for OpenID auth with Keycloak is managed by the following environment variables:

# KEYCLOAK CREDENTIALS
APP_KEYCLOAK_REALM="http://localhost:8080/auth/realms/myrealm"
APP_KEYCLOAK_RETURN_URL="http://localhost:9000/api/auth/openid/return"
APP_KEYCLOAK_CLIENT_ID=myapplication
APP_KEYCLOAK_CLIENT_SECRET="00d5c908-eade-4e26-bcf0-b9341ghie197"

These settings don't work, which is actually quite normal, as inside the application container the APP_KEYCLOAK_REALM value of localhost:8080 does not refer to my PC (and Keycloak) but to the app container.

Now when I replace with

APP_KEYCLOAK_REALM="http://keycloak:8080/auth/realms/myrealm"

the application can reach Keycloak, but then for the authentication my browser is stuck trying to redirect me for authorization to a URL that does not mean anything to it, starting with http://keycloak:8080/auth/realms...

The only way I have managed to get the configuration working is by putting the actual IP address of my PC inside the environment file:

# KEYCLOAK CREDENTIALS
APP_KEYCLOAK_REALM="http://192.168.1.34:8080/auth/realms/myrealm"
APP_KEYCLOAK_RETURN_URL="http://192.168.1.34:9000/api/auth/openid/return"
APP_KEYCLOAK_CLIENT_ID=myapplication
APP_KEYCLOAK_CLIENT_SECRET="00d5c908-eade-4e26-bcf0-b9341ghie197"

This works but does not seem ideal for portability (the IP address changes all the time).

Is there a standard way to do that? Maybe redirect localhost in Docker DNS to the Docker host? Other options?

Yves Nicolas

1 Answer

0

There are a few things you can do about it. One is to use hosts entries on your local machine for the keycloak host. This way the browser on your host will recognize the keycloak host and use it for auth.

Otherwise you shouldn't be doing it this way. You should put in an nginx container whose port 80 is mapped to the host. Then you can use URL-based patterns to redirect to port 8000 or 9000.

Tarun Lalwani
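
The question's three variants fail or succeed depending on who has to resolve each hostname: the app container calls the issuer directly, while the browser follows both the issuer redirect and the return URL. The following pre-flight check is an added example, not code from the question or the answer; the function name, the finding labels and the host lists (including the "mongo" and "app" service names) are assumptions.

```javascript
// Added example. browserHosts / containerHosts are assumed inputs: the names
// each side can resolve (hosts-file entries for the browser, Compose service
// names for the app container).
const isLoopback = (h) => h === 'localhost' || h === '[::1]' || h.startsWith('127.');
const isIp = (h) => /^\d{1,3}(\.\d{1,3}){3}$/.test(h) || h.startsWith('[');

function checkOidcEnv(env, { browserHosts, containerHosts }) {
  const findings = [];
  const issuer = new URL(env.APP_KEYCLOAK_REALM).hostname;
  const ret = new URL(env.APP_KEYCLOAK_RETURN_URL).hostname;

  // The app container calls the issuer directly (discovery, token exchange).
  if (isLoopback(issuer)) {
    findings.push('issuer-is-loopback-inside-container');
  } else if (!isIp(issuer) && !containerHosts.includes(issuer)) {
    findings.push('issuer-unresolvable-in-container');
  }
  // The browser is redirected to the same issuer host for the login page.
  if (!isIp(issuer) && !browserHosts.includes(issuer)) {
    findings.push('issuer-unresolvable-in-browser');
  }
  // The return URL is only ever followed by the browser.
  if (!isIp(ret) && !browserHosts.includes(ret)) {
    findings.push('return-url-unresolvable-in-browser');
  }
  // A literal address works but ties the file to one machine and one lease.
  if ((isIp(issuer) && !isLoopback(issuer)) || (isIp(ret) && !isLoopback(ret))) {
    findings.push('hardcoded-ip');
  }
  return findings;
}

// Constructed inputs mirroring the three variants in the question.
const RETURN_LOCAL = 'http://localhost:9000/api/auth/openid/return';
const variants = {
  localhost: { APP_KEYCLOAK_REALM: 'http://localhost:8080/auth/realms/myrealm', APP_KEYCLOAK_RETURN_URL: RETURN_LOCAL },
  serviceName: { APP_KEYCLOAK_REALM: 'http://keycloak:8080/auth/realms/myrealm', APP_KEYCLOAK_RETURN_URL: RETURN_LOCAL },
  hostIp: { APP_KEYCLOAK_REALM: 'http://192.168.1.34:8080/auth/realms/myrealm',
            APP_KEYCLOAK_RETURN_URL: 'http://192.168.1.34:9000/api/auth/openid/return' },
};
const containerHosts = ['keycloak', 'mongo', 'app']; // service names are assumed
for (const [name, env] of Object.entries(variants)) {
  console.log(name, checkOidcEnv(env, { browserHosts: ['localhost'], containerHosts }));
}
// With a hosts-file entry for "keycloak" on the developer machine:
console.log('serviceName + hosts entry',
  checkOidcEnv(variants.serviceName, { browserHosts: ['localhost', 'keycloak'], containerHosts }));
```

Only the last call returns no findings: the issuer name then resolves for both the container and the browser, and no machine-specific address is stored in the environment file.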