我想完成以下配置来为 Web 服务器提供身份验证和授权:
每个服务器都是一个单独的 Docker 容器。
特别是,我使用以下 docker-compose.yml
:
version: '3'
volumes:
mysql_data:
driver: local
services:
apache:
image: bitnami/apache:2.4
mysql:
image: mysql:5.7
volumes:
- mysql_data:/var/lib/mysql
environment:
MYSQL_ROOT_PASSWORD: root
MYSQL_DATABASE: keycloak
MYSQL_USER: keycloak
MYSQL_PASSWORD: password
keycloak:
image: jboss/keycloak
environment:
DB_VENDOR: MYSQL
DB_ADDR: mysql
DB_DATABASE: keycloak
DB_USER: keycloak
DB_PASSWORD: password
KEYCLOAK_USER: admin
KEYCLOAK_PASSWORD: Pa55w0rd
ports:
- 8080:8080
depends_on:
- mysql
keycloak-gatekeeper:
image: bitnami/keycloak-gatekeeper:2-scratch
ports:
- '3000:3000'
volumes:
- ./keycloak-gatekeeper.conf:/etc/keycloak-gatekeeper.conf
command:
- /keycloak-proxy
- "--config=/etc/keycloak-gatekeeper.conf"
如您所见,反向代理(Keycloak-gatekeeper)正在监听端口 3000,该端口也由 Docker 公开。 我想要完成的是访问 http://server_host:3000用户将被重定向到 Keycloak 进行身份验证,如果成功,则重定向到正在监听端口 8080 的 Web 服务器。
这是我正在使用的keycloak-gatekeeper.conf
:
# is the url for retrieve the OpenID configuration - normally the <server>/auth/realm/<realm_name>
discovery-url: http://keycloak_keycloak_1:8080/auth/realms/master
# the client id for the 'client' application
client-id: gatekeeper
# the secret associated to the 'client' application
client-secret: 396af61a-b05b-417b-8153-0f827c0aab6e
# the interface definition you wish the proxy to listen, all interfaces is specified as ':<port>', unix sockets as unix://<REL_PATH>|</ABS PATH>
listen: 127.0.0.1:3000
# whether to enable refresh tokens
enable-refresh-tokens: false
# the redirection url, essentially the site url, note: /oauth/callback is added at the end
redirection-url: http://127.0.0.1:3000
# the upstream endpoint which we should proxy request
upstream-url: http://apache:8080/
secure-cookie: false
# a collection of resource i.e. urls that you wish to protect
# ======================================================================
resources:
- uri: /*
methods:
- GET
但是,根据此配置,访问 URL http://server_host:3000浏览器显示 ERR_CONNECTION_REFUSED。
可能是什么问题?
最佳答案
在 listen
语句中使用 127.0.0.1:3000
时,我遇到了同样的问题。请尝试 :3000
。
关于docker - 如何配置容器化的 Keycloak-gatekeeper 来充当反向代理?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/58408971/