Problem

Keycloak and the controller are both reachable from the outside via the public domain. Nevertheless, the controller is unable to reach Keycloak via the public domain, even though both are running on the same host.

Path that a packet takes to reach Keycloak from the controller

Because the Lissi Agent Controller needs to access the Keycloak service via the public domain, it logs an error whenever it is unable to reach the Keycloak service.

Cause

This problem most likely originates from a firewall, DNS, or NAT configuration issue.

The firewall might block requests where the source and destination IP addresses are equal.

The configured DNS might not be able to resolve the public domain name of the machine itself.

Solution

Add a hostname mapping from <DOMAIN> to 172.17.0.1 using the extra_hosts configuration option in the docker-compose file (https://docs.docker.com/compose/compose-file/build/#extra_hosts).

version: "3.7"
services:
  # [...]
  lissi-agent-controller:
    container_name: lissi-agent-controller
    # Map the public domain to 172.17.0.1 inside this container
    extra_hosts:
      - "$SERVER_PUB_DOMAIN_NAME:172.17.0.1"
  # [...]

This ensures that the Lissi Agent Controller resolves the public domain to 172.17.0.1 and therefore accesses the Lissi Agent UI directly via the local network instead of the internet.
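
One way to confirm the mapping took effect (an added example, not part of the Lissi documentation): Docker writes extra_hosts entries into the container's /etc/hosts, so the check below parses a hosts file and reports whether the domain maps to the expected address. The function names, the domain agent.example.org and the sample file are constructed for illustration.

```shell
#!/bin/sh
# hosts_lookup FILE NAME: print the first IP address FILE maps NAME to (empty if none).
hosts_lookup() {
    awk -v name="$2" '
        { sub(/#.*/, "") }    # drop comments; awk re-splits the fields afterwards
        {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(name)) { print $1; exit }
        }
    ' "$1"
}

# check_mapping FILE NAME EXPECTED_IP
# returns 0 = mapped as expected, 1 = mapped to another address, 2 = no entry
check_mapping() {
    ip=$(hosts_lookup "$1" "$2")
    if [ -z "$ip" ]; then
        echo "no hosts entry for $2: lookups fall through to DNS"
        return 2
    fi
    if [ "$ip" != "$3" ]; then
        echo "$2 maps to $ip, expected $3"
        return 1
    fi
    echo "$2 -> $ip"
}

# Constructed sample of a container's /etc/hosts after extra_hosts is applied.
sample=$(mktemp)
cat > "$sample" <<'EOF'
127.0.0.1    localhost
::1          localhost ip6-localhost ip6-loopback
# 10.0.0.9   agent.example.org
172.17.0.1   agent.example.org
172.18.0.5   3f2a9c1d7b6e
EOF

check_mapping "$sample" agent.example.org 172.17.0.1 || true
```

To check the real container, save its hosts file with `docker exec lissi-agent-controller cat /etc/hosts` and pass that file, the public domain and 172.17.0.1 to check_mapping. The hostname the controller requests is unchanged by the mapping, so TLS certificate validation still runs against the public domain name.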