我已经在 Azure 中运行了 v16。现在,我尝试在 Azure WebApp(使用 Azure SQL Server)中运行 Keycloak 19,但容器总是因超时而停止。
我的dockerfile
FROM quay.io/keycloak/keycloak:latest as builder
ENV KC_HEALTH_ENABLED=true
ENV KC_METRICS_ENABLED=true
ENV KC_FEATURES=token-exchange
RUN curl -sL https://github.com/aerogear/keycloak-metrics-spi/releases/download/2.5.3/keycloak-metrics-spi-2.5.3.jar -o /opt/keycloak/providers/keycloak-metrics-spi-2.5.3.jar
RUN /opt/keycloak/bin/kc.sh \
build \
--db=mssql \
--transaction-xa-enabled=false
FROM quay.io/keycloak/keycloak:latest
COPY --from=builder /opt/keycloak/ /opt/keycloak/
WORKDIR /opt/keycloak
RUN keytool -genkeypair -storepass password -storetype PKCS12 -keyalg RSA -keysize 2048 -dname "CN=server" -alias server -ext "SAN:c=DNS:localhost,IP:127.0.0.1" -keystore conf/server.keystore
ENV KC_DB=mssql
ENV KC_DB_URL=jdbc:sqlserver://<SERVER>:1433;databaseName=keycloak
ENV KC_DB_USERNAME=<USER>
ENV KC_DB_PASSWORD=<PASS>
ENV KC_HOSTNAME=localhost
EXPOSE 8443
ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start", "--optimized"]
我本地运行正常,问题只出现在Azure中
容器日志
2022-09-06T01:35:02.819Z INFO - Pulling image: marcem/keycloak:19.0.1
2022-09-06T01:35:04.669Z INFO - 19.0.1 Pulling from marcem/keycloak
2022-09-06T01:35:04.670Z INFO - Digest: sha256:41fe4fe72ecc4625032ef08b91fc3c64739b53482dd83a15d77c9e2b4f0f12e0
2022-09-06T01:35:04.671Z INFO - Status: Image is up to date for marcem/keycloak:19.0.1
2022-09-06T01:35:04.674Z INFO - Pull Image successful, Time taken: 0 Minutes and 1 Seconds
2022-09-06T01:35:04.686Z INFO - Starting container for site
2022-09-06T01:35:04.687Z INFO - docker run -d --expose=8443 --name idteste19_0_b2d18046 -e WEBSITES_ENABLE_APP_SERVICE_STORAGE=false -e WEBSITES_PORT=8443 -e WEBSITE_SITE_NAME=idteste19 -e WEBSITE_AUTH_ENABLED=False -e WEBSITE_ROLE_INSTANCE_ID=0 -e WEBSITE_HOSTNAME=idteste19.azurewebsites.net -e WEBSITE_INSTANCE_ID=d666afc5e23f437c473fe3731926e159eed3db588814c4ad67c48018d825c3c4 -e WEBSITE_USE_DIAGNOSTIC_SERVER=False marcem/keycloak:19.0.1
2022-09-06T01:35:04.687Z INFO - Logging is not enabled for this container.
Please use https://aka.ms/linux-diagnostics to enable logging to see container logs here.
2022-09-06T01:35:06.990Z INFO - Initiating warmup request to container idteste19_0_b2d18046 for site idteste19
2022-09-06T01:35:22.306Z INFO - Waiting for response to warmup request for container idteste19_0_b2d18046. Elapsed time = 15.3159746 sec
2022-09-06T01:35:38.239Z INFO - Waiting for response to warmup request for container idteste19_0_b2d18046. Elapsed time = 31.2483851 sec
2022-09-06T01:35:54.129Z INFO - Waiting for response to warmup request for container idteste19_0_b2d18046. Elapsed time = 47.1388503 sec
2022-09-06T01:36:09.300Z INFO - Waiting for response to warmup request for container idteste19_0_b2d18046. Elapsed time = 62.3097502 sec
2022-09-06T01:36:24.480Z INFO - Waiting for response to warmup request for container idteste19_0_b2d18046. Elapsed time = 77.4895726 sec
2022-09-06T01:36:40.237Z INFO - Waiting for response to warmup request for container idteste19_0_b2d18046. Elapsed time = 93.2471132 sec
2022-09-06T01:36:55.426Z INFO - Waiting for response to warmup request for container idteste19_0_b2d18046. Elapsed time = 108.4360961 sec
2022-09-06T01:37:10.588Z INFO - Waiting for response to warmup request for container idteste19_0_b2d18046. Elapsed time = 123.5979024 sec
2022-09-06T01:37:25.747Z INFO - Waiting for response to warmup request for container idteste19_0_b2d18046. Elapsed time = 138.7566758 sec
2022-09-06T01:37:40.925Z INFO - Waiting for response to warmup request for container idteste19_0_b2d18046. Elapsed time = 153.9341915 sec
2022-09-06T01:37:56.075Z INFO - Waiting for response to warmup request for container idteste19_0_b2d18046. Elapsed time = 169.0848266 sec
2022-09-06T01:38:12.088Z INFO - Waiting for response to warmup request for container idteste19_0_b2d18046. Elapsed time = 185.097369 sec
2022-09-06T01:38:27.253Z INFO - Waiting for response to warmup request for container idteste19_0_b2d18046. Elapsed time = 200.2621661 sec
2022-09-06T01:38:42.393Z INFO - Waiting for response to warmup request for container idteste19_0_b2d18046. Elapsed time = 215.4024129 sec
2022-09-06T01:38:57.060Z ERROR - Container idteste19_0_b2d18046 for site idteste19 did not start within expected time limit. Elapsed time = 230.0696036 sec
2022-09-06T01:38:57.086Z ERROR - Container idteste19_0_b2d18046 didn't respond to HTTP pings on port: 8443, failing site start. See container logs for debugging.
2022-09-06T01:38:57.093Z INFO - Stopping site idteste19 because it failed during startup.
key 斗篷日志
2022-09-06T01:35:18.552235082Z 2022-09-06 01:35:13,613 INFO [org.keycloak.common.Profile] (main) Preview feature enabled: token_exchange
2022-09-06T01:35:18.554454187Z 2022-09-06 01:35:13,647 INFO [org.keycloak.quarkus.runtime.hostname.DefaultHostnameProvider] (main) Hostname settings: FrontEnd: localhost, Strict HTTPS: true, Path: <request>, Strict BackChannel: false, Admin: <request>, Port: -1, Proxied: false
2022-09-06T01:35:18.620453452Z 2022-09-06 01:35:16,830 INFO [org.keycloak.common.crypto.CryptoIntegration] (main) Detected crypto provider: org.keycloak.crypto.def.DefaultCryptoProvider
2022-09-06T01:35:20.874562080Z 2022-09-06 01:35:20,872 WARN [org.infinispan.CONFIG] (keycloak-cache-init) ISPN000569: Unable to persist Infinispan internal caches as no global state enabled
2022-09-06T01:35:20.913982278Z 2022-09-06 01:35:20,913 WARN [org.infinispan.PERSISTENCE] (keycloak-cache-init) ISPN000554: jboss-marshalling is deprecated and planned for removal
2022-09-06T01:35:21.007026510Z 2022-09-06 01:35:21,006 INFO [org.infinispan.CONTAINER] (keycloak-cache-init) ISPN000556: Starting user marshaller 'org.infinispan.jboss.marshalling.core.JBossUserMarshaller'
2022-09-06T01:35:22.045335289Z 2022-09-06 01:35:22,038 INFO [org.infinispan.CONTAINER] (keycloak-cache-init) ISPN000128: Infinispan version: Infinispan 'Triskaidekaphobia' 13.0.9.Final
2022-09-06T01:35:22.439656965Z 2022-09-06 01:35:22,439 INFO [org.infinispan.CLUSTER] (keycloak-cache-init) ISPN000078: Starting JGroups channel `ISPN`
2022-09-06T01:35:22.442769173Z 2022-09-06 01:35:22,442 INFO [org.infinispan.CLUSTER] (keycloak-cache-init) ISPN000088: Unable to use any JGroups configuration mechanisms provided in properties {}. Using default JGroups configuration!
2022-09-06T01:35:22.762236477Z 2022-09-06 01:35:22,761 WARN [org.jgroups.protocols.UDP] (keycloak-cache-init) JGRP000015: the send buffer of socket MulticastSocket was set to 1.00MB, but the OS only allocated 212.99KB
2022-09-06T01:35:22.773617706Z 2022-09-06 01:35:22,773 WARN [org.jgroups.protocols.UDP] (keycloak-cache-init) JGRP000015: the receive buffer of socket MulticastSocket was set to 20.00MB, but the OS only allocated 212.99KB
2022-09-06T01:35:22.778530319Z 2022-09-06 01:35:22,777 WARN [org.jgroups.protocols.UDP] (keycloak-cache-init) JGRP000015: the send buffer of socket MulticastSocket was set to 1.00MB, but the OS only allocated 212.99KB
2022-09-06T01:35:22.783215231Z 2022-09-06 01:35:22,782 WARN [org.jgroups.protocols.UDP] (keycloak-cache-init) JGRP000015: the receive buffer of socket MulticastSocket was set to 25.00MB, but the OS only allocated 212.99KB
2022-09-06T01:35:24.868971104Z 2022-09-06 01:35:24,868 INFO [org.jgroups.protocols.pbcast.GMS] (keycloak-cache-init) 3ede773e307d-43775: no members discovered after 2018 ms: creating cluster as coordinator
2022-09-06T01:35:24.891014759Z 2022-09-06 01:35:24,890 INFO [org.infinispan.CLUSTER] (keycloak-cache-init) ISPN000094: Received new cluster view for channel ISPN: [3ede773e307d-43775|0] (1) [3ede773e307d-43775]
2022-09-06T01:35:24.901995387Z 2022-09-06 01:35:24,900 INFO [org.infinispan.CLUSTER] (keycloak-cache-init) ISPN000079: Channel `ISPN` local address is `3ede773e307d-43775`, physical addresses are `[169.254.129.3:52868]`
2022-09-06T01:35:26.153975737Z 2022-09-06 01:35:26,153 INFO [org.keycloak.connections.infinispan.DefaultInfinispanConnectionProviderFactory] (main) Node name: 3ede773e307d-43775, Site name: null
2022-09-06T01:35:28.435231448Z 2022-09-06 01:35:28,434 INFO [io.quarkus] (main) Keycloak 19.0.1 on JVM (powered by Quarkus 2.7.6.Final) started in 21.561s. Listening on: https://0.0.0.0:8443
2022-09-06T01:35:28.436131450Z 2022-09-06 01:35:28,435 INFO [io.quarkus] (main) Profile prod activated.
2022-09-06T01:35:28.436823052Z 2022-09-06 01:35:28,436 INFO [io.quarkus] (main) Installed features: [agroal, cdi, hibernate-orm, jdbc-h2, jdbc-mariadb, jdbc-mssql, jdbc-mysql, jdbc-oracle, jdbc-postgresql, keycloak, logging-gelf, narayana-jta, reactive-routes, resteasy, resteasy-jackson, smallrye-context-propagation, smallrye-health, smallrye-metrics, vault, vertx]
我尝试更改 KC_HOSTNAME(从 localhost 更改为 xxx.azurewebsites.net)、KC_HOSTNAME_PORT(更改为 443、8443)、PROXY_ADDRESS_FORWARDING(更改为 false 和 true)和 WEBSITES_PORT(更改为 80、8080 和 8443)。但没有成功。
有什么想法吗?
非常感谢
最佳答案
我成功地显示了 Keycloak UI 并可以登录。现在唯一的问题是 SSL 证书。
但要开始使用,请执行以下步骤
在 Dockerfile 中我添加了
CMD ["start", "--hostname-strict false --hostname-strict-https false"]
在[入口点]之后
然后在Azure配置中您需要添加变量
PORT: 8080
和
WEBSITES_PORT: 8080
和
KC_DB_URL="jdbc:sqlserver://mydatabaseserver.database.windows.net;database=mydatabase"
您还可以通过启用应用服务日志来检查日志,然后登录高级工具并检查日志文件。以_docker.log结尾的文件是检查启动是否正确的文件。
关于sql-server - 在 Azure WebApp 中使用 SQL Server 运行 Keycloak 19,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/73616028/