Keycloak behind Traefik

Hi all

I've deployed Keycloak in the Docker container behind Traefik as reverse proxy as follows:

version: "3.3"

services:

  traefik:
    image: "traefik:v2.1"
    container_name: "traefik"
    command:
      #- "--log.level=DEBUG"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.sslresolver.acme.tlschallenge=true"
      #- "--certificatesresolvers.sslresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.sslresolver.acme.email=info@microrest.io"
      - "--certificatesresolvers.sslresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - "443:443"
      - "8080:8080"
    volumes:
      - "./letsencrypt:/letsencrypt"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"

  keycloak:
    image: "jboss/keycloak"
    container_name: "keycloak" 
    environment:
      - KEYCLOAK_USER=xxxx
      - KEYCLOAK_PASSWORD=xxxx
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.keycloak.rule=Host(`keycloak.microrest.io`)"
      - "traefik.http.routers.keycloak.entrypoints=websecure"
      - "traefik.http.routers.keycloak.tls.certresolver=sslresolver"
      - "traefik.http.services.keycloak.loadbalancer.server.port=8443"

When I access the login console, it shows Internal Server Error and in the log of Keycloak container:

21:16:40,308 INFO  [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: Keycloak 9.0.2 (WildFly Core 10.0.3.Final) started in 27908ms - Started 683 of 988 services (701 services are lazy, passive or on-demand)
21:17:03,711 WARN  [org.jboss.as.domain.management.security] (default I/O-3) WFLYDM0113: Generated self signed certificate at /opt/jboss/keycloak/standalone/configuration/application.keystore. Please note that self signed certificates are not secure, and should only be used for testing purposes. Do not use this self signed certificate in production.
SHA-1 fingerprint of the generated key is 4a:58:ed:15:08:70:f6:ed:ad:2b:8e:10:dc:54:94:f0:32:d2:58:2d
SHA-256 fingerprint of the generated key is 51:f8:56:b5:e5:d0:d4:a6:b3:7e:eb:91:2d:29:e7:c6:3e:57:cc:79:53:91:f2:e2:3f:74:48:45:4d:88:bf:21  

What am I doing wrong?

Thanks

Hello @softshipper,
I don't know.

But - I did manage to get Traefik, Keycloak and Jaeger to work as a single docker-compose file. You might find the answer you want in my config:

https://github.com/stevegroom/traefikGateway.

h.t.h.

regards
Steve