mysql - keycloak docker mysql连接链接失败

Question

我正在尝试将 mysql 用于 keycloak，并且之前使用过相同的配置，但这次它给出了链接故障。

volumes:
  mysql_data:
    driver: local

services:
  mysql:
    image: mysql:5.7
    volumes:
       - mysql_data:/var/lib/mysql
    ports:
       - 3306:3306
    environment:
      MYSQL_ROOT_PASSWORD: root
      MYSQL_DATABASE: keycloak
      MYSQL_USER: keycloak
      MYSQL_PASSWORD: password

  keycloak:
    build: keycloak-image
    image: km-keycloak
    environment:
      PROXY_ADDRESS_FORWARDING: "true"
      DB_VENDOR: MYSQL
      DB_ADDR: mysql
      DB_DATABASE: keycloak
      DB_USER: keycloak
      DB_PASSWORD: password
      KEYCLOAK_USER: admin
      KEYCLOAK_PASSWORD: admin
    volumes:
      - mysql_data:/opt/jboss/mysql_data
    depends_on:
      - mysql
    links:
      - mysql

我的 keycloak 图像 docker 文件看起来像

FROM jboss/keycloak

COPY km.json /opt/jboss
COPY entrypoint.sh /opt/jboss

USER root
RUN chown jboss /opt/jboss/entrypoint.sh && chmod +x /opt/jboss/entrypoint.sh
USER 1000

ENTRYPOINT ["/opt/jboss/entrypoint.sh"]
CMD [""]

key 斗篷的入口点看起来像

#!/bin/bash

if [[ -e /opt/jboss/mysql_data/keycloak ]]; then
    /opt/jboss/tools/docker-entrypoint.sh -b 0.0.0.0
else
    /opt/jboss/tools/docker-entrypoint.sh -Dkeycloak.migration.action=import -Dkeycloak.migration.provider=singleFile -Dkeycloak.migration.file='km.json' -b 0.0.0.0
fi

我得到的错误是

引起:javax.resource.ResourceException:IJ031084:无法创建连接 Caused by: com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: 通信链接失败 Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)

Answer 1

添加

  JDBC_PARAMS: "useSSL=false"

到 keycloak environment docker-compose 文件中的变量。
(例如，直接在 KEYCLOAK_PASSWORD 之后)

根据您的设置，可能没有必要在 2 个容器之间使用受 SSL 保护的连接。

我不确定为什么现在会出现此错误。它在 keycloak 版本 7.0.0 中工作，但在 7.0.1 中不再工作。也许 java 版本改变了，不再信任默认的 mysql-containers ssl 证书

ERROR [stderr] (ServerService Thread Pool -- 70) Thu Nov 14 20:55:46 UTC 2019 WARN: Establishing SSL connection without server's identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default if explicit option isn't set. For compliance with existing applications not using SSL the verifyServerCertificate property is set to 'false'. You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and provide truststore for server certificate verification.