我是 Keycloak 的新手,也不是 nginx 的专家。我已关注文档和其他 questions并使用 设置一个 docker-compose 文件 key 斗篷 , 受 保护nginx .
这是我的docker-compose.yml其中包含 nginx 的配置和 keycloak .
radarbase-keycloak:
networks:
- api
- security
environment:
KEYCLOAK_USER : ${KEYCLOAK_USER}
KEYCLOAK_PASSWORD: ${KEYCLOAK_PASSWORD}
DB_VENDOR: postgres
DB_ADDR: radarbase-postgresql
DB_PORT: 5432
DB_DATABASE: rbkeycloak
DB_USER: ${POSTGRES_USER}
DB_PASSWORD: ${POSTGRES_PASSWORD}
PROXY_ADDRESS_FORWARDING: "true"
depends_on:
- radarbase-postgresql
restart: always
radarbase-postgresql:
image: postgres:${POSTGRES_VERSION}
networks:
- security
volumes:
- "${RB_POSTGRES_DIR}/data/:/var/lib/postgresql/data/"
environment:
POSTGRES_USER : ${POSTGRES_USER}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
POSTGRES_DB: rbkeycloak
healthcheck:
test: ["CMD-SHELL", "PGPASSWORD='${POSTGRES_PASSWORD}' psql -U '${POSTGRES_USER}' rbkeycloak -l || exit 1"]
interval: 1m30s
timeout: 5s
webserver:
image: nginx:1.13.1-alpine
restart: always
networks:
- api
- default
depends_on:
- radarbase-keycloak
ports:
- "80:80"
- "443:443"
volumes:
- certs:/etc/letsencrypt
- certs-data:/data/letsencrypt
- "./etc/webserver/nginx.conf:/etc/nginx/nginx.conf:ro"
还有我的
nginx.conf配置如下worker_rlimit_nofile 8192;
events {
worker_connections 4096; ## Default: 1024
}
http {
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] $status '
'"$request" $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
tcp_nodelay on;
# hide nginx version
server_tokens off;
# add nosniff header (https://www.owasp.org/index.php/List_of_useful_HTTP_headers)
add_header X-Content-Type-Options nosniff;
# For logins, make 2 requests per second at most
limit_req_zone $binary_remote_addr zone=login_limit:10m rate=2r/s;
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name mydomain-dev.example.net;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
location /auth/{
proxy_pass http://radarbase-keycloak:8080/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
}
但是,如果我尝试从
https://mydomain-dev.example.net/auth/ 访问 keycloak,一切都在运行。我得到 **404**和 nginx 日志 docker 说webserver_1 | 143.168.122.1 - - [29/Nov/2018:16:15:46 +0000] "GET /auth/ HTTP/1.1" 200 1087 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0"
webserver_1 | 143.168.122.1 - - [29/Nov/2018:16:15:46 +0000] "GET /favicon.ico HTTP/1.1" 404 162 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0"
webserver_1 | 143.168.122.1 - - [29/Nov/2018:16:15:56 +0000] "GET /favicon.ico HTTP/1.1" 404 162 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0"
webserver_1 | 2018/11/29 16:15:57 [error] 8#8: *7 open() "/etc/nginx/html/favicon.ico" failed (2: No such file or directory), client: 143.168.122.1, server: mydomain-dev.example.net, request: "GET /favicon.ico HTTP/1.1", host: "mydomain-dev"
webserver_1 | 143.168.122.1 - - [29/Nov/2018:16:15:57 +0000] "GET /favicon.ico HTTP/1.1" 404 162 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0"
webserver_1 | 2018/11/29 16:15:57 [error] 8#8: *7 open() "/etc/nginx/html/favicon.ico" failed (2: No such file or directory), client: 143.168.122.1, server: mydomain-dev.example.net, request: "GET /favicon.ico HTTP/1.1", host: "mydomain-dev"
webserver_1 | 143.168.122.1 - - [29/Nov/2018:16:15:57 +0000] "GET /favicon.ico HTTP/1.1" 404 162 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0"
webserver_1 | 2018/11/29 16:15:58 [error] 8#8: *7 open() "/etc/nginx/html/favicon.ico" failed (2: No such file or directory), client: 143.168.122.1, server: mydomain-dev.example.net, request: "GET /favicon.ico HTTP/1.1", host: "mydomain-dev"
webserver_1 | 143.168.122.1 - - [29/Nov/2018:16:15:58 +0000] "GET /favicon.ico HTTP/1.1" 404 162 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0"
webserver_1 | 2018/11/29 16:15:59 [error] 8#8: *7 open() "/etc/nginx/html/favicon.ico" failed (2: No such file or directory), client: 143.168.122.1, server: mydomain-dev.example.net, request: "GET /favicon.ico HTTP/1.1", host: "mydomain-dev"
webserver_1 | 143.168.122.1 - - [29/Nov/2018:16:15:59 +0000] "GET /favicon.ico HTTP/1.1" 404 162 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0"
webserver_1 | 2018/11/29 16:15:59 [error] 8#8: *7 open() "/etc/nginx/html/favicon.ico" failed (2: No such file or directory), client: 143.168.122.1, server: mydomain-dev.example.net, request: "GET /favicon.ico HTTP/1.1", host: "mydomain-dev"
webserver_1 | 143.168.122.1 - - [29/Nov/2018:16:15:59 +0000] "GET /favicon.ico HTTP/1.1" 404 162 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0"
webserver_1 | 143.168.122.1 - - [29/Nov/2018:16:15:59 +0000] "GET /favicon.ico HTTP/1.1" 404 162 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0"
webserver_1 | 2018/11/29 16:15:59 [error] 8#8: *7 open() "/etc/nginx/html/favicon.ico" failed (2: No such file or directory), client: 143.168.122.1, server: mydomain-dev.example.net, request: "GET /favicon.ico HTTP/1.1", host: "mydomain-dev"
webserver_1 | 2018/11/29 16:16:00 [error] 8#8: *7 open() "/etc/nginx/html/favicon.ico" failed (2: No such file or directory), client: 143.168.122.1, server: mydomain-dev.example.net, request: "GET /favicon.ico HTTP/1.1", host: "mydomain-dev"
webserver_1 | 143.168.122.1 - - [29/Nov/2018:16:16:00 +0000] "GET /favicon.ico HTTP/1.1" 404 162 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0"
webserver_1 | 2018/11/29 16:16:01 [error] 8#8: *7 open() "/etc/nginx/html/favicon.ico" failed (2: No such file or directory), client: 143.168.122.1, server: mydomain-dev.example.net, request: "GET /favicon.ico HTTP/1.1", host: "mydomain-dev"
webserver_1 | 143.168.122.1 - - [29/Nov/2018:16:16:01 +0000] "GET /favicon.ico HTTP/1.1" 404 162 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0"
webserver_1 | 2018/11/29 16:16:01 [error] 8#8: *7 open() "/etc/nginx/html/favicon.ico" failed (2: No such file or directory), client: 143.168.122.1, server: mydomain-dev.example.net, request: "GET /favicon.ico HTTP/1.1", host: "mydomain-dev"
webserver_1 | 143.168.122.1 - - [29/Nov/2018:16:16:01 +0000] "GET /favicon.ico HTTP/1.1" 404 162 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0"
webserver_1 | 2018/11/29 16:16:02 [error] 8#8: *7 open() "/etc/nginx/html/favicon.ico" failed (2: No such file or directory), client: 143.168.122.1, server: mydomain-dev.example.net, request: "GET /favicon.ico HTTP/1.1", host: "mydomain-dev"
webserver_1 | 143.168.122.1 - - [29/Nov/2018:16:16:02 +0000] "GET /favicon.ico HTTP/1.1" 404 162 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0"
webserver_1 | 2018/11/29 16:16:02 [error] 8#8: *7 open() "/etc/nginx/html/favicon.ico" failed (2: No such file or directory), client: 143.168.122.1, server: mydomain-dev.example.net, request: "GET /favicon.ico HTTP/1.1", host: "mydomain-dev"
webserver_1 | 143.168.122.1 - - [29/Nov/2018:16:16:02 +0000] "GET /favicon.ico HTTP/1.1" 404 162 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0"
在我看来,它正在寻找 nginx 下的资源。
我错过了什么?有人可以帮忙吗?
最佳答案
您只代理/auth/ ,但 keycloak 页面正在尝试加载 /favicon.ico (不是 /auth/favicon.ico )。尝试代理/不是 /auth/在你的 nginx.conf 中:
location / {
...
}
更新:所以您想更新 Keycloak 的上下文路径(所有内容都将从该上下文路径提供,甚至是网站图标),恕我直言,不支持,请参阅
https://issues.jboss.org/browse/KEYCLOAK-2310
关于docker - docker 中 nginx 后面的 Keycloak 导致 404 和不定式重定向,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/53543253/