I followed this guide to set up headscale with caddy, and tried to add Keycloak with this guide from the same guy.
Sadly my docker containers do not seem to be able to connect to the keycloak server. What happens is that if I try to download the openid configuration from the host (via wget) or from my local PC it just works. But the headscale server gets a timeout when trying to connect to the endpoint. When I use the internal docker name to connect to the keycloak container the connection works fine, but then I get an error because it's not the external URL.
I experimented a bit and managed to reproduce the issue with a different container (running an ubuntu container and also getting a timeout when trying to download the config from keycloak). If I run the container with the host network it works just fine.
Does anyone know how to fix this?
PS: I also tried the example from the guide with gitea and it's also the same problem.
Update: I tried most suggestions and for some reason it just didn't work. My solution that is working now is that I bind the container ports to localhost only (by using e.g. `ports: - "127.0.0.1:4567:8080"`) and using the caddy server in host network mode. Now all containers can connect like expected and are working flawlessly. Thanks for all your suggestions :)
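The layout described in the update, written out as a constructed docker-compose file. This is an added example, not the poster's or the guide's actual file: the hostname auth.example.test, the image tags, the headscale port 8081 and the volume paths are assumptions; the 127.0.0.1:4567:8080 binding is the one the poster gave. The Keycloak settings shown (KC_HOSTNAME, KC_HTTP_ENABLED, KC_PROXY_HEADERS) are the current documented way to run Keycloak behind a TLS-terminating reverse proxy and are assumed to match the Keycloak version in use.

```yaml
# Constructed docker-compose.yml (added example, not from the original post).
# Idea from the update: every service publishes its port on 127.0.0.1 only,
# and Caddy runs with host networking so it listens directly on the host.
services:
  caddy:
    image: caddy:2
    # Host networking: Caddy binds the host's :80/:443 itself. Containers that
    # resolve the public hostname therefore reach a real listener on the host
    # instead of a port published by another container.
    network_mode: host
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - caddy_data:/data
      - caddy_config:/config
    restart: unless-stopped

  keycloak:
    image: quay.io/keycloak/keycloak:24.0   # assumed version, pin your own
    command: start
    environment:
      KC_HOSTNAME: https://auth.example.test # assumed public URL, TLS ends at Caddy
      KC_HTTP_ENABLED: "true"                # plain HTTP is fine on 127.0.0.1 only
      KC_PROXY_HEADERS: xforwarded           # trust X-Forwarded-* from Caddy
    ports:
      # Only reachable from the host itself (and from Caddy via host networking);
      # nothing on the LAN or the internet can hit Keycloak without going through Caddy.
      - "127.0.0.1:4567:8080"
    restart: unless-stopped

  headscale:
    image: headscale/headscale:0.23         # assumed version
    command: serve
    volumes:
      - ./headscale/config:/etc/headscale   # config.yaml with oidc.issuer set to
                                            # https://auth.example.test/realms/<realm>
      - headscale_data:/var/lib/headscale
    ports:
      - "127.0.0.1:8081:8080"               # assumed port for the headscale API
    restart: unless-stopped

volumes:
  caddy_data:
  caddy_config:
  headscale_data:
```

With Caddy outside the compose network, the Caddyfile upstreams must use the loopback bindings rather than container names, for example `auth.example.test { reverse_proxy 127.0.0.1:4567 }` instead of the `reverse_proxy http://keycloak:8080` form quoted later in this thread. The same check the poster used still applies afterwards: `docker compose exec headscale wget -qO- https://auth.example.test/realms/<realm>/.well-known/openid-configuration` should return the discovery document instead of timing out. Binding to 127.0.0.1 also means the Keycloak and headscale ports are never exposed on the host's external interfaces, so Caddy is the only entry point.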
I'm using docker compose: Caddy, Keycloak and Headscale.
I think it would be easier to use only one docker compose file with all services, and use the same network across all of them.
But the network is created externally, so shouldn’t this be the same?
I didn't read the docker files carefully the first time, but since you have an external network it should work.
Yes, it is the same, or at least it should be.
And container to container works fine, I'm able to communicate e.g. with keycloak:9000.
Do you have Caddy set up to point the DNS to your Keycloak instance like in this part of the tutorial?
auth.gurucomputing.com { reverse_proxy http://keycloak:8080 }
Also do you have the domain registered?
This is a long shot, but the keycloak container is connected to 2 networks; does this cause a problem?
I'm saying this because Traefik needs you to specify on the labels which docker network it should use. Maybe there is something similar.
But as I said this is a very long shot and it's probably bs.