I'm creating an app composed of these elements:
- an Angular front end
- a Spring Cloud Gateway (running on port 8180)
- several Spring Boot microservices behind the gateway
- a PostgreSQL database
- a Keycloak to manage OAuth authentication (running on port 8080)

For dev purposes, I've started with the Postgres DB and Keycloak in a docker-compose file that I run with podman-compose. All other components are run directly from the CLI or my IDE (i.e. outside of containers) and it works well. Keycloak uses the Postgres DB, as do the microservices. My docker compose file:

    version: '3.3'
    services:
      postgres:
        image: postgres:14.5-alpine
        container_name: myapp-db
        ports:
          - "5432:5432"
        environment:
          - POSTGRES_USER=postgres
          - POSTGRES_PASSWORD=postgres
          - POSTGRES_DB=postgres
        volumes:
          - myapp-postgres:/var/lib/postgresql/data
          - ./initdb:/docker-entrypoint-initdb.d
        networks:
          internal:
      keycloak:
        container_name: local_keycloak
        image: quay.io/keycloak/keycloak:19.0.3
        environment:
          KC_FEATURES:
            authorization
            token-exchange
            docker
            impersonation
            scripts
            upload-scripts
            web-authn
            client-policies
            dynamic-scopes
          KEYCLOAK_ADMIN: keycloak
          KEYCLOAK_ADMIN_PASSWORD: keycloak
        entrypoint: /opt/keycloak/bin/kc.sh --config-file=/opt/keycloak/conf/keycloak.conf start-dev
        volumes:
          - ./keycloak-data:/opt/keycloak/conf
          - ./exports:/opt/keycloak/data
        ports:
          - "8080:8080"
          - "8043:8443"
        networks:
          internal:
        depends_on:
          - postgres
    volumes:
      myapp-postgres:
    networks:
      internal:

Now I want to containerize the Spring Cloud Gateway before adding it to the docker compose file.

At startup, the gateway needs to connect to Keycloak to get the realm configuration and is configured to reach Keycloak with a URL starting with http://localhost:8080.

Problem: When I start the gateway container (using podman), I get a "can't connect to remote host" from the container. After some research, I found that if I set the URL to http://host.docker.internal:8080 it works: the 2 containers are connected. But, when accessing from my browser, and following the OAuth protocol, there's a redirect from the gateway to the Keycloak on the host.docker.internal domain that my browser doesn't know.

Does anyone know how I can address this problem?
Thanks!
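
The symptom described above comes from one base URL being used for two kinds of OIDC endpoints: those the browser must reach (front channel) and those the gateway container calls itself (back channel). The following check is an added example, not part of the original post. It assumes Keycloak advertises endpoints built from the host it was queried on, and the realm name `myrealm`, the reachability sets and the discovery documents are constructed for illustration.

```python
from urllib.parse import urlsplit

# OIDC discovery keys, grouped by who dereferences the URL.
FRONT_CHANNEL = ("authorization_endpoint", "end_session_endpoint")  # browser
BACK_CHANNEL = ("token_endpoint", "jwks_uri", "userinfo_endpoint")  # gateway container

# Constructed reachability model for the setup in the post: which host names
# lead to Keycloak from each vantage point. Inside the gateway container,
# "localhost" is the container itself, so it is absent from the second set.
BROWSER_REACHES_KEYCLOAK = {"localhost"}
CONTAINER_REACHES_KEYCLOAK = {"host.docker.internal"}


def discovery_for(base, realm="myrealm"):
    """Constructed discovery document as advertised when queried via `base`
    (hypothetical realm name; paths follow Keycloak's /realms/<realm> layout)."""
    root = f"{base}/realms/{realm}"
    oidc = f"{root}/protocol/openid-connect"
    return {
        "issuer": root,
        "authorization_endpoint": f"{oidc}/auth",
        "token_endpoint": f"{oidc}/token",
        "jwks_uri": f"{oidc}/certs",
        "userinfo_endpoint": f"{oidc}/userinfo",
        "end_session_endpoint": f"{oidc}/logout",
    }


def unreachable_endpoints(discovery, browser_hosts, container_hosts):
    """Return {endpoint_key: host} for every endpoint whose caller cannot
    reach Keycloak through the advertised host name."""
    problems = {}
    for keys, reachable in ((FRONT_CHANNEL, browser_hosts),
                            (BACK_CHANNEL, container_hosts)):
        for key in keys:
            url = discovery.get(key)
            if url is None:
                continue  # optional endpoint not advertised
            host = urlsplit(url).hostname
            if host not in reachable:
                problems[key] = host
    return problems


if __name__ == "__main__":
    for base in ("http://localhost:8080", "http://host.docker.internal:8080"):
        found = unreachable_endpoints(discovery_for(base),
                                      BROWSER_REACHES_KEYCLOAK,
                                      CONTAINER_REACHES_KEYCLOAK)
        print(base, "->", found)
```

With `localhost` the back-channel endpoints fail from inside the container; with `host.docker.internal` the browser-facing endpoints fail. The check passes only when each group of endpoints uses a host name its caller can reach.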