2

我想完成以下配置来为 Web 服务器提供身份验证和授权:

在此处输入图像描述

每个服务器都是一个单独的 Docker 容器。特别是,我正在使用以下内容docker-compose.yml

version: '3'

volumes:
  mysql_data:
    driver: local

services:
  apache:
    image: bitnami/apache:2.4
  mysql:
      image: mysql:5.7
      volumes:
        - mysql_data:/var/lib/mysql
      environment:
        MYSQL_ROOT_PASSWORD: root
        MYSQL_DATABASE: keycloak
        MYSQL_USER: keycloak
        MYSQL_PASSWORD: password
  keycloak:
      image: jboss/keycloak
      environment:
        DB_VENDOR: MYSQL
        DB_ADDR: mysql
        DB_DATABASE: keycloak
        DB_USER: keycloak
        DB_PASSWORD: password
        KEYCLOAK_USER: admin
        KEYCLOAK_PASSWORD: Pa55w0rd
      ports:
        - 8080:8080
      depends_on:
        - mysql
  keycloak-gatekeeper:
    image: bitnami/keycloak-gatekeeper:2-scratch
    ports:
      - '3000:3000'
    volumes:
      - ./keycloak-gatekeeper.conf:/etc/keycloak-gatekeeper.conf
    command:
      - /keycloak-proxy
      - "--config=/etc/keycloak-gatekeeper.conf"

如您所见,反向代理(Keycloak-gatekeeper)正在侦听 Docker 也公开的端口 3000。我想要完成的是访问http://server_host:3000用户被重定向到 Keycloak 进行身份验证,如果成功,则重定向到正在侦听端口 8080 的 Web 服务器。

这是keycloak-gatekeeper.conf我正在使用的:

# is the url for retrieve the OpenID configuration - normally the <server>/auth/realm/<realm_name>
discovery-url: http://keycloak_keycloak_1:8080/auth/realms/master
# the client id for the 'client' application
client-id: gatekeeper
# the secret associated to the 'client' application
client-secret: 396af61a-b05b-417b-8153-0f827c0aab6e
# the interface definition you wish the proxy to listen, all interfaces is specified as ':<port>', unix sockets as unix://<REL_PATH>|</ABS PATH>
listen: 127.0.0.1:3000
# whether to enable refresh tokens
enable-refresh-tokens: false
# the redirection url, essentially the site url, note: /oauth/callback is added at the end
redirection-url: http://127.0.0.1:3000
# the upstream endpoint which we should proxy request
upstream-url: http://apache:8080/
secure-cookie: false
# a collection of resource i.e. urls that you wish to protect
# ======================================================================
resources:
- uri: /*
  methods:
  - GET

但是,给定此配置,访问 URL http://server_host:3000浏览器会显示 ERR_CONNECTION_REFUSED。

可能是什么问题呢?

4

1 回答 1

3

127.0.0.1:3000listen语句中使用时我遇到了同样的问题。试试:3000吧。

于 2020-01-13T21:53:43.080 回答