Is it possible to tell Spring Boot Keycloak adapter that the Keycloak server may have multiple aliases?


Your issue here is that you need to get Keycloak properly accessible externally, not only inside the server itself. The Docker container ids like keycloak_service are valid for internal service communication, but here you've got the browser requesting the URL, so there's no point in using it.

For my concrete case, I had an nginx proxy configured for this job, assigning the server two names, but proxy forwarding to the port I was interested in.

As an example, imagine you call your server myapp.com and auth.myapp.com. Then let's suppose you publish the port 8080 for your Keycloak server and 8081 for your application. You'd need to configure nginx kind of this way:

    server {
      server_name myapp.com;
      location / {
        proxy_pass http://127.0.0.1:8081;
      }
    }

    server {
      server_name auth.myapp.com;
      location / {
        proxy_pass http://127.0.0.1:8080;
      }
    }

After that, you set up your client to work with auth.myapp.com. Also don't forget to configure Keycloak to work behind a proxy (you might need to rebuild the Docker image with the proper configuration).

As I don't have the reputation for adding comments I am going this way.

I have a similar setup as @Xtreme Biker has described above, but still my app cannot communicate with Keycloak by using the server_name configured in the nginx config. I am able to call myapp.com from my browser, which then redirects to auth.myapp.com (Keycloak) for login. After successful login, Keycloak redirects back to myapp.com with a valid authorization_code (as I can see while debugging). Then myapp.com tries to exchange the authorization_code by calling http://auth.myapp.com/auth/realms/my-relam/protocol/openid-connect/token but it is not able to connect and fails with: java.net.ConnectException: Connection refused (Connection refused).

Anyone having similar issues found a solution for that?
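
The browser redirect to auth.myapp.com and the server-side token request are made from different network positions, so the same hostname can be reachable from one and not the other. The script below is an added example, not part of the original posts: run where the application runs, it reports what the token endpoint's hostname resolves to there and whether a TCP connection succeeds. The function names `resolve` and `check_backchannel` and the `REALM` placeholder are assumptions made for this illustration.

```python
import ipaddress
import json
import socket
import sys
from urllib.parse import urlsplit


def resolve(host, port):
    """IP addresses the local resolver (this container's DNS and hosts file) returns."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def check_backchannel(token_url, timeout=3.0, resolver=resolve):
    """Probe the token endpoint's host and port as server-side code sees them."""
    parts = urlsplit(token_url)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    report = {"host": parts.hostname, "port": port, "addresses": [],
              "loopback": [], "reachable": [], "errors": {}}
    try:
        report["addresses"] = resolver(parts.hostname, port)
    except socket.gaierror as exc:
        report["errors"]["dns"] = str(exc)
        return report
    for addr in report["addresses"]:
        # Under Docker's default (non-host) networking, a loopback address is
        # the container itself, not the nginx listening on the Docker host.
        if ipaddress.ip_address(addr.split("%")[0]).is_loopback:
            report["loopback"].append(addr)
        try:
            with socket.create_connection((addr, port), timeout=timeout):
                report["reachable"].append(addr)
        except OSError as exc:  # includes "Connection refused" and timeouts
            report["errors"][addr] = str(exc)
    return report


if __name__ == "__main__":
    # Placeholder URL built from the hostname used on this page; REALM is hypothetical.
    default = "http://auth.myapp.com/auth/realms/REALM/protocol/openid-connect/token"
    url = sys.argv[1] if len(sys.argv) > 1 else default
    print(json.dumps(check_backchannel(url), indent=2))
```

An address listed under `loopback` or missing from `reachable` means the name the browser uses does not lead to the nginx proxy from the application's side.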