我正在尝试将 mysql 用于 keycloak,并且之前使用过相同的配置,但这次它给出了链接故障。
volumes:
mysql_data:
driver: local
services:
mysql:
image: mysql:5.7
volumes:
- mysql_data:/var/lib/mysql
ports:
- 3306:3306
environment:
MYSQL_ROOT_PASSWORD: root
MYSQL_DATABASE: keycloak
MYSQL_USER: keycloak
MYSQL_PASSWORD: password
keycloak:
build: keycloak-image
image: km-keycloak
environment:
PROXY_ADDRESS_FORWARDING: "true"
DB_VENDOR: MYSQL
DB_ADDR: mysql
DB_DATABASE: keycloak
DB_USER: keycloak
DB_PASSWORD: password
KEYCLOAK_USER: admin
KEYCLOAK_PASSWORD: admin
volumes:
- mysql_data:/opt/jboss/mysql_data
depends_on:
- mysql
links:
- mysql
我的 keycloak 图像 docker 文件看起来像
FROM jboss/keycloak
COPY km.json /opt/jboss
COPY entrypoint.sh /opt/jboss
USER root
RUN chown jboss /opt/jboss/entrypoint.sh && chmod +x /opt/jboss/entrypoint.sh
USER 1000
ENTRYPOINT ["/opt/jboss/entrypoint.sh"]
CMD [""]
key 斗篷的入口点看起来像
#!/bin/bash
if [[ -e /opt/jboss/mysql_data/keycloak ]]; then
/opt/jboss/tools/docker-entrypoint.sh -b 0.0.0.0
else
/opt/jboss/tools/docker-entrypoint.sh -Dkeycloak.migration.action=import -Dkeycloak.migration.provider=singleFile -Dkeycloak.migration.file='km.json' -b 0.0.0.0
fi
我得到的错误是
引起:javax.resource.ResourceException:IJ031084:无法创建连接 Caused by: com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: 通信链接失败 Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
最佳答案
添加
JDBC_PARAMS: "useSSL=false"
到 keycloak
environment
docker-compose 文件中的变量。
(例如,直接在 KEYCLOAK_PASSWORD
之后)
根据您的设置,可能没有必要在 2 个容器之间使用受 SSL 保护的连接。
我不确定为什么现在会出现此错误。它在 keycloak 版本 7.0.0
中工作,但在 7.0.1
中不再工作。也许 java 版本改变了,不再信任默认的 mysql-containers ssl 证书
ERROR [stderr] (ServerService Thread Pool -- 70) Thu Nov 14 20:55:46 UTC 2019 WARN: Establishing SSL connection without server's identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default if explicit option isn't set. For compliance with existing applications not using SSL the verifyServerCertificate property is set to 'false'. You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and provide truststore for server certificate verification.
关于mysql - keycloak docker mysql连接链接失败,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/58823674/