Docker Compose with Traefik - unreachable URL from within the container

Question

The situation in short is the following. (I will update in a moment)

reference issue: Keycloak in Docker "Failed to turn code into token"

I am using Traefik in the docker-compose as a reverse proxy with SSL certificates. I have deployed Keycloak as a service listening on keycloak.example.com. Another service uses keycloak for authentication.

The user web app is able to access the keycloak on https://keycloak.example.com, but the other container does not follow the https://keycloak.example.com they try to connect directly on the container, thus not finding the SSL and getting Connection refused.

service_1          | 09 Jun 19:05:32 ERROR  [adapters.OAuthRequestAuthenticator] - failed to turn code into token
service_1          | java.net.ConnectException: Connection refused (Connection refused)

What I am considering is:

1. Use SSL termination directly on keycloak service
2. Run keycloak on another network and force it pass traffic through host
3. Run another traefik/keycloak combination to seperate the SSL termination.

Is there a simpler solution to force a docker service pass all its traffic through traefik?

I have tried ping and curl from inside the service_1 to keycloak and only the default port (8080) answers as this is the one keycloak runs by default.

Answer 1

The easiest way was to override on the consumer service the DNS entry. In other words force container to reach host IP instead of looking up inside docker network, thus going through Traefik proxy.

1. Add another loop IP address

sudo ip addr add 10.254.254.254 dev lo label lo:2

2. Add the extra_hosts:

    extra_hosts:
      - "service1.local.name:10.254.254.254"

References: 1 2 3