Jun

Reputation: 31

Keycloak in Azure App service failed to start waiting for response to warmup request for container

Deployed Keycloak in Azure App Service with an optimized Docker image, following the link https://www.keycloak.org/server/containers.

Followed Azure link: https://learn.microsoft.com/en-us/troubleshoot/azure/app-service/faqs-app-service-linux#how-does-the-container-warmup-request-work-

Keycloak works fine with docker run locally, as below (sensitive info hidden):

docker run --name mykeycloak -p 8443:8443 -e KEYCLOAK_ADMIN=admin \
-e KEYCLOAK_ADMIN_PASSWORD=change_me \
-e KC_DB=postgres \
-e KC_DB_URL="jdbc:postgresql://${db_name}.postgres.database.azure.com:5432/${psql_db}?sslmode=verify-full" \
-e KC_DB_USERNAME=${admin} \
-e KC_DB_PASSWORD=${password} \
-e KC_HOSTNAME=localhost \
quay.io/keycloak/keycloak:latest start --optimized

But Keycloak in Azure App service failed to start waiting for response to warmup request for container. The partial logs:

...
2023-08-24T17:50:37.277Z INFO - Waiting for response to warmup request for container yto-asvc-keycloak-fea-as_0_8ddaf5ea. Elapsed time = 1786.5679964 sec 
... 
23-08-24T17:31:18.320287723Z 2023-08-24 17:31:18,312 INFO [io.quarkus] (main) Keycloak 22.0.1 on JVM (powered by Quarkus 3.2.0.Final) started in 27.823s. Listening on: https://0.0.0.0:8443 
..... 
023-08-24T17:50:51.529Z ERROR - Container xxxxxx for site xxxxxxxxxx did not start within expected time limit. Elapsed time = 1200.8195898 sec 
2023-08-24T17:50:51.894Z ERROR - Container xxxxxxxxxx didn't respond to HTTP pings on port: 8443, failing site start. See container logs for debugging. 
2023-08-24T17:50:51.962Z INFO - Stopping site xxxxxxxxxx because it failed during startup. 

I have followed multiple existing Stack Overflow links related to this issue, but without any luck, e.g. Docker never runs on Azure - Waiting for response to warmup request for container

What I have done so far:

1: Use a large Production Premium v3 P3mv3 App service plan
2: Azure app service application settings WEBSITES_CONTAINER_START_TIME_LIMIT=1800
3: Azure app service application settings WEBSITES_PORT=8443 or 8080 (I have tried both)
4: Azure app service general settings "Always on" : "on"
5: Add required KC_ and KEYCLOAK_ environment variables to App settings KC_HOSTNAME=https://xxxxxxxxx.azurewebsites.net/

(Screenshot: Azure App Settings)

6: Keycloak docker image expose both 8443 and 8080 ports by default
7: Docker run command in app service: (hidden sensitive info)

docker run -d --expose=8443 --name xxxxxxx -e WEBSITES_ENABLE_APP_SERVICE_STORAGE=false -e WEBSITES_PORT=8443 -e WEBSITE_SITE_NAME=xxxxxxxx -e WEBSITE_AUTH_ENABLED=False -e WEBSITE_ROLE_INSTANCE_ID=0 -e WEBSITE_HOSTNAME=xxxxxx.azurewebsites.net -e WEBSITE_INSTANCE_ID=xxxxxx -e WEBSITE_USE_DIAGNOSTIC_SERVER=False quay.io/keycloak/keycloak:latest start --optimized

All existing solutions are for the HTTP port; mine is HTTPS 8443. I am not sure whether this is the reason and, if it is, what the solution is.

Upvotes: 3

Views: 1162

Answers (1)

Mohamed Ali

Reputation: 561

It seems the root cause is that App Service expects the docker container to be listening on port 80 and fails otherwise.

So what I ended up doing was to use a docker compose like this:

version: "3"  # Compose requires the version as a string
services:
  keycloak:
    image: quay.io/keycloak/keycloak:latest
    ports:
      - "80:80"
    volumes:
      - ${WEBAPP_STORAGE_HOME}/data:/opt/keycloak/data/
    restart: always
    command: start-dev

Then using environment variables, I changed the listening port to 80. I also had to set Strict HTTPS to true and specify the hostname without protocol (otherwise you end up with wrong AuthServerUrl, starting with something like "http://https://").

(Screenshot: App Service Config)

Upvotes: 1
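Added example, not part of the question or the answer: a shell lint for the App Service settings discussed in this thread. The question's logs show the platform sending plain-HTTP pings to a port where Keycloak was listening with HTTPS; the check below flags that mismatch and the scheme in KC_HOSTNAME. The KC_HTTP_PORT, KC_HTTP_ENABLED and KC_HOSTNAME_STRICT_HTTPS names are Keycloak 22 options assumed here, since the answer's settings are only in its screenshot. It requires them to be set explicitly so the result does not depend on `start` versus `start-dev`.

```shell
#!/bin/sh
# Added example (not from the original post): lint Keycloak-on-App-Service settings.
# Input: KEY=VALUE lines on stdin. Output: one finding per line.
# Returns 0 when clean, 1 when any finding was printed.
lint_keycloak_settings() {
    hostname="" websites_port="" http_port=8080 http_enabled="" strict_https=""
    while IFS='=' read -r key value; do
        case "$key" in
            KC_HOSTNAME)              hostname=$value ;;
            WEBSITES_PORT)            websites_port=$value ;;
            KC_HTTP_PORT)             http_port=$value ;;
            KC_HTTP_ENABLED)          http_enabled=$value ;;
            KC_HOSTNAME_STRICT_HTTPS) strict_https=$value ;;
        esac
    done
    # Assumption: with WEBSITES_PORT unset the platform probes port 80,
    # which is the behaviour the answer reports.
    probe_port=${websites_port:-80}
    findings=0
    report() { printf '%s\n' "$1"; findings=$((findings + 1)); }

    case "$hostname" in
        "")    report "KC_HOSTNAME is not set" ;;
        *://*) report "KC_HOSTNAME contains a scheme; use the bare host name" ;;
        */*)   report "KC_HOSTNAME contains a path or trailing slash" ;;
    esac
    if [ "$probe_port" != "$http_port" ]; then
        report "warmup ping goes to port $probe_port but Keycloak HTTP listens on $http_port"
    fi
    if [ "$http_enabled" != "true" ]; then
        report "KC_HTTP_ENABLED is not true; 'start' opens no plain-HTTP listener for the ping"
    fi
    if [ "$strict_https" != "true" ]; then
        report "KC_HOSTNAME_STRICT_HTTPS is not explicitly true; URLs may be built with http://"
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample: the values shown in the question (database host is a placeholder).
question_settings() {
    printf '%s\n' 'WEBSITES_PORT=8443' \
        'KC_HOSTNAME=https://xxxxxxxxx.azurewebsites.net/' \
        'KC_DB_URL=jdbc:postgresql://db.example.invalid:5432/kc?sslmode=verify-full'
}

question_settings | lint_keycloak_settings || echo "settings need fixing"
```

With a plain-HTTP listener enabled, TLS ends at the App Service front end, so the container port should stay reachable only through the platform.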
