Troubleshooting: Controller cannot reach Keycloak through the Public Domain
The Keycloak, as well as the controller, are reachable via the public domain from the outside, nevertheless, the controller is unable to reach the Keycloak via the public domain even though they are running on the same host.
As the Lissi Agent Controller needs to access the Keycloak service via the public domain, the Lissi Agent Controller will log an error in case it is unable to reach the Keycloak service.
Likely this problem originates from a firewall, DNS, or NAT configuration issue.
The firewall might block requests where the source and destination IP addresses are equal.
The configured DNS might not be able to resolve the public domain name of the machine itself.
Add a hostname mapping from
172.17.0.1 using the
extra_hosts configuration option in the docker-compose file (https://docs.docker.com/compose/compose-file/build/#extra_hosts).
version: "3.7" services: [...] lissi-agent-controller: container_name: lissi-agent-controller extra_hosts: - $SERVER_PUB_DOMAIN_NAME:172.17.0.1 [...]
This will ensure that the Lissi Agent Controller will resolve the public domain to
172.17.0.1 and therefore directly access the Lissi Agent UI via the local network instead of the internet.