Skip to main content
Skip table of contents

Troubleshooting: Controller cannot reach Keycloak through the Public Domain


The Keycloak, as well as the controller, are reachable via the public domain from the outside, nevertheless, the controller is unable to reach the Keycloak via the public domain even though they are running on the same host.

Path that a packet takes to reach Keycloak from the controller

As the Lissi Agent Controller needs to access the Keycloak service via the public domain, the Lissi Agent Controller will log an error in case it is unable to reach the Keycloak service.


Likely this problem originates from a firewall, DNS, or NAT configuration issue.

The firewall might block requests where the source and destination IP addresses are equal.

The configured DNS might not be able to resolve the public domain name of the machine itself.


Add a hostname mapping from <DOMAIN> to using the extra_hosts configuration option in the docker-compose file (

version: "3.7"
    container_name: lissi-agent-controller

This will ensure that the Lissi Agent Controller will resolve the public domain to and therefore directly access the Lissi Agent UI via the local network instead of the internet.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.