How to configure multiple keycloak instances on nginx

Question

I have two keycloak instances running on two separate swarm stacks.

this is how my stack file looks like:

INSTANCE 1

version: "3.4"

services:
  # keycloak Server
  keycloak:
    image: jboss/keycloak:11.0.0
    deploy:
      replicas: 1
      update_config:
        parallelism: 1
        delay: 10s
        order: start-first
      restart_policy:
        condition: on-failure
    environment:
      # DB_STUFF
      PROXY_ADDRESS_FORWARDING: "true"
    ports:
      - "18080:18080"
    command:
      - "-b"
      - "0.0.0.0"
      - "-Djboss.socket.binding.port-offset=10000"

INSTANCE 2

version: "3.4"

services:
  # keycloak Server
  keycloak:
    image: jboss/keycloak:11.0.0
    deploy:
      replicas: 1
      update_config:
        parallelism: 1
        delay: 10s
        order: start-first
      restart_policy:
        condition: on-failure
    environment:
      # DB_STUFF
      PROXY_ADDRESS_FORWARDING: "true"
    ports:
      - "18081:18081"
    command:
      - "-b"
      - "0.0.0.0"
      - "-Djboss.socket.binding.port-offset=10001"

And the nginx configuration:

    location /auth/ {
            proxy_pass http://localhost:18080/auth/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Port 80;
    }

    location /auth2/ {
            proxy_pass http://localhost:18081/auth/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Port 80;
    }

I wanted to be able to access each of them through a separate path, but when I try to access the admin console of the second instance at /auth2 it redirects me to the first one at /auth. I have little knowledge about nginx so any help is appreciated.

Answer 1

You may want to change the web context on your second Keycloak instance to auth2.

Set an environment variable WEB_CONTEXT to auth2 on your second Keycloak instance. Then add a CLI script file web-context.cli like this:

set WEB_CONTEXT=${env.WEB_CONTEXT:auth}
set KEYCLOAK_CONFIG_FILE=${env.KEYCLOAK_CONFIG_FILE:standalone-ha.xml}
set JBOSS_HOME=${env.JBOSS_HOME}

echo Setting web-context to $WEB_CONTEXT in $JBOSS_HOME/standalone/configuration/$KEYCLOAK_CONFIG_FILE

embed-server --server-config=$KEYCLOAK_CONFIG_FILE --std-out=echo
/subsystem=keycloak-server/:write-attribute(name=web-context,value=$WEB_CONTEXT)
stop-embedded-server

Add the file to /opt/jboss/startup-scripts.

See "Runnin custom scripts on startup" section in the README for details.