Keycloak Keystore and Truststore setup for docker-compose

Time: 06-02

I am working on Keycloak for a production server. The legacy Keycloak does not seem to need this, but the latest Keycloak needs KEYCLOAK_PRODUCTION=true enabled, and as we enable this variable the system asks us to enable KEYCLOAK_ENABLE_TLS=true as well; then we need to define the path to the truststore and keystore as well. This is my docker-compose file:

    version: "3.9"
    services:
      postgres:
        container_name: postgres_blog
        image: "postgres"
        env_file:
          - ./database.dev.env
        networks:
          - backend
        volumes:
          - ./db-data:/var/lib/postgresql/data/
          - ./sql:/docker-entrypoint-initdb.d/:ro
        ports:
          - "127.0.0.1:5432:5432"
      keycloak:
        container_name: keycloak_blog
        image: "bitnami/keycloak:latest"
        # command: bash ./x509.sh
        depends_on:
          - "postgres"
        env_file:
          - ./keycloak.dev.env
        ports:
          - "127.0.0.1:8180:8080"
          - "127.0.0.1:8787:8787" # debug port
        networks:
          - backend
        volumes:
          - ./keycloak/keystore:/opt/bitnami/keycloak/certs/keycloak.keystore.jks
          - ./keycloak/truststore:/opt/bitnami/keycloak/certs/keycloak.truststore.jks
    networks:
      backend:
        name: backend
        driver: bridge

This is my keycloak.dev.env:

    KEYCLOAK_CREATE_ADMIN_USER=false
    KEYCLOAK_ADMIN=admin
    KEYCLOAK_ADMIN_PASSWORD=password
    KEYCLOAK_USER=user
    KEYCLOAK_PASSWORD=password
    KEYCLOAK_PRODUCTION=true
    KEYCLOAK_ENABLE_TLS=true
    KEYCLOAK_TLS_TRUSTSTORE_FILE=opt/bitnami/keycloak/certs/keycloak.truststore.jks
    KEYCLOAK_TLS_KEYSTORE_FILE=opt/bitnami/keycloak/certs/keycloak.keystore.jks
    KEYCLOAK_TLS_TRUSTSTORE_PASSWORD=changeit
    KEYCLOAK_TLS_KEYSTORE_PASSWORD=changeit
    KEYCLOAK_TLS_CREATE_KEYSTORE=true
    DEBUG=true
    DEBUG_PORT='*:8787'
    DB_VENDOR=POSTGRES
    DB_ADDR=postgres
    DB_PORT=5432
    DB_DATABASE=keycloak
    DB_USER=dev
    DB_PASSWORD=pwd
    TZ=Asia/Kathmandu

And this is my database.dev.env:

    POSTGRES_USER="dev"
    POSTGRES_PASSWORD="pwd"
    POSTGRES_DB="keycloak"

And when I run the `docker-compose up` command, this error message pops up at the end and the Keycloak container exits:

    keycloak_blog | 2022-06-01 14:39:13,319 INFO  [org.infinispan.CLUSTER] (main) ISPN000080: Disconnecting JGroups channel `ISPN`
    keycloak_blog | 2022-06-01 14:39:13,494 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: Failed to start server in (production) mode
    keycloak_blog | 2022-06-01 14:39:13,495 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: Is a directory
    keycloak_blog | 2022-06-01 14:39:13,495 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) For more details run the same command passing the '--verbose' option. Also you can use '--help' to see the details about the usage of the particular command.
    keycloak_blog exited with code 1

NOTE: I am running the Docker containers on a Windows system.

I have implemented all of this, yet the error message is still logged when I attempt to run the server. Really stuck on this one; any help would be appreciated! Thanks in advance.

CodePudding user response:

A couple of things I stumbled upon in your configuration:

  1. In keycloak.dev.env: KEYCLOAK_TLS_TRUSTSTORE_FILE and KEYCLOAK_TLS_KEYSTORE_FILE lack the root `/` in their path.
  2. In your docker-compose.yml: I am surprised by your attempt to map a relative path to your keystore/truststore (you might find this discussion helpful: How to mount a single file in a volume).
  3. Finally, and I can only guess from the error message `Is a directory`, you might want to double-check your volume mount points.

Hope this helps.
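The two mistakes the answer points at (a relative in-container path in the env file, and a single-file bind mount whose host source is missing or is a directory) are both checkable before `docker-compose up`. The following pre-flight script is an added example; it is not part of the question, the answer, or the Bitnami image. The function names, the `./keycloak/certs` directory, and the use of `keytool` on the host PATH to produce the JKS files are assumptions made for this example; the `changeit` password and the `KEYCLOAK_TLS_*_FILE` variable names are taken from the question's env file.

```shell
#!/bin/sh
# Added example (not from the original question/answer or the Bitnami image):
# pre-flight checks for the keystore/truststore setup before `docker-compose up`.
# Assumed names: preflight_env_file, check_mount_source, ./keycloak/certs, keytool on PATH.
set -eu

# Docker bind mounts: when the host source path does not exist, the daemon
# creates an empty *directory* there; a JKS path that resolves to a directory
# inside the container is one way to end up with "ERROR: Is a directory".
# Returns 0 only when the source is an existing regular file.
check_mount_source() {
  src="$1"
  if [ -d "$src" ]; then
    echo "ERROR: host path '$src' is a directory; a keystore mount needs a file" >&2
    return 1
  fi
  if [ ! -f "$src" ]; then
    echo "ERROR: host path '$src' does not exist; Docker would create a directory there" >&2
    return 1
  fi
  return 0
}

# In-container paths handed to Keycloak must be absolute. Returns 0 for /..., 1 otherwise.
check_absolute_path() {
  case "$1" in
    /*) return 0 ;;
    *)  echo "ERROR: '$1' is relative; it needs a leading '/'" >&2; return 1 ;;
  esac
}

# Print the value of KEY ($2) from env file $1 with whitespace around '=' and at the
# end of the line trimmed, so "KEY= value " yields "value".
env_value() {
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | sed 's/[[:space:]]*$//' | head -n 1
}

# Check the two TLS store paths in an env file. Returns the number of problems found,
# so 0 means both variables are present and absolute.
preflight_env_file() {
  problems=0
  for key in KEYCLOAK_TLS_KEYSTORE_FILE KEYCLOAK_TLS_TRUSTSTORE_FILE; do
    value=$(env_value "$1" "$key")
    if [ -z "$value" ]; then
      echo "ERROR: $key is not set in $1" >&2
      problems=$((problems + 1))
    elif ! check_absolute_path "$value"; then
      problems=$((problems + 1))
    fi
  done
  return "$problems"
}

# Create a self-signed keystore and a truststore holding its certificate with
# keytool (assumed to be installed on the host). Writes the two files that the
# compose file mounts, so the mount sources are files rather than directories.
create_stores() {
  dir="$1"; pass="$2"
  mkdir -p "$dir"
  keytool -genkeypair -alias keycloak -keyalg RSA -keysize 2048 -validity 365 \
    -dname "CN=localhost" -storetype JKS \
    -keystore "$dir/keycloak.keystore.jks" -storepass "$pass" -keypass "$pass"
  keytool -exportcert -alias keycloak -rfc -keystore "$dir/keycloak.keystore.jks" \
    -storepass "$pass" -file "$dir/keycloak.crt"
  keytool -importcert -noprompt -alias keycloak -storetype JKS \
    -keystore "$dir/keycloak.truststore.jks" -storepass "$pass" -file "$dir/keycloak.crt"
}

main() {
  env_file="${1:-./keycloak.dev.env}"
  cert_dir="${2:-./keycloak/certs}"
  [ -f "$cert_dir/keycloak.keystore.jks" ] || create_stores "$cert_dir" changeit
  preflight_env_file "$env_file"
  check_mount_source "$cert_dir/keycloak.keystore.jks"
  check_mount_source "$cert_dir/keycloak.truststore.jks"
  echo "pre-flight OK: run docker-compose up"
}

# Only run the checks when invoked with arguments:
#   sh preflight.sh ./keycloak.dev.env ./keycloak/certs
[ "${1:-}" = "" ] || main "$@"
```

With the question's env file, `preflight_env_file` reports both `KEYCLOAK_TLS_*_FILE` values as relative and exits non-zero, which is the answer's first point; with the question's compose file, `check_mount_source ./keycloak/keystore` fails when that path is a directory or absent, which is the answer's third point. Once the stores exist as files, the compose `volumes:` entries should point at `./keycloak/certs/keycloak.keystore.jks` and `./keycloak/certs/keycloak.truststore.jks` so each bind mount maps a file to a file.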
