0

我正在尝试获取使用 keycloak 的 shinyproxy 的基本示例。这是我的Dockerfile

FROM openjdk:11-jre

RUN mkdir -p /opt/shinyproxy/
RUN wget https://www.shinyproxy.io/downloads/shinyproxy-2.3.1.jar -O /opt/shinyproxy/shinyproxy.jar
COPY application.yml /opt/shinyproxy/application.yml

WORKDIR /opt/shinyproxy/
CMD ["java", "-jar", "/opt/shinyproxy/shinyproxy.jar"]

这是我的docker-compose.yml

version: "3.7"

services:
  mysql:
      image: mysql:5.7
      volumes:
        - mysqldata:/var/lib/mysql
      environment:
        MYSQL_ROOT_PASSWORD: root
        MYSQL_DATABASE: keycloak
        MYSQL_USER: keycloak
        MYSQL_PASSWORD: password
  keycloak:
      image: quay.io/keycloak/keycloak:latest
      environment:
        DB_VENDOR: MYSQL
        DB_ADDR: mysql
        DB_DATABASE: keycloak
        DB_USER: keycloak
        DB_PASSWORD: password
        KEYCLOAK_USER: admin
        KEYCLOAK_PASSWORD: Pa55w0rd
        PROXY_ADDRESS_FORWARDING: 'true'
      ports:
        - 8010:8080
      #networks:
      #  - shinyproxy-net
      depends_on:
        - mysql
  shinyproxy:
    build: .
    image: shinyproxy
    ports:
      - '8020:8080'
    networks:
      - shinyproxy-net
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
networks:
  shinyproxy-net:
    external: true
volumes:
  mysqldata:
      driver: local

这是我的application.yml

proxy:
  port: 8080
  authentication: keycloak
  useForwardHeaders: true  # not sure if necessary or not
  admin-groups: admins
  keycloak:
    realm: shinyproxy                                                     
    auth-server-url: http://localhost:8010/auth
    resource: shinyproxy                                                  
    credentials-secret: aa205d81-ae00-4b59-bca6-4c41074c633c
  docker:
      internal-networking: true
  specs:
  - id: 01_hello
    display-name: Hello Application
    description: Application which demonstrates the basics of a Shiny app 
    container-cmd: ["R", "-e", "shinyproxy::run_01_hello()"]
    container-image: openanalytics/shinyproxy-demo
    container-network: shinyproxy-net
  - id: 06_tabsets
    container-cmd: ["R", "-e", "shinyproxy::run_06_tabsets()"]
    container-image: openanalytics/shinyproxy-demo
    container-network: shinyproxy-net
logging:
  file:
    shinyproxy.log

当我访问http://localhost:8020/我在其中创建的用户并对其进行身份验证时,http://localhost:8010/我收到了重定向太多次错误。

我究竟做错了什么?

4

1 回答 1

0

我有同样的问题,我已经调查了很多......我设法注意到“重定向太多次”背后的错误是什么

ERROR 1 --- [  XNIO-1 task-1] o.k.adapters.OAuthRequestAuthenticator: failed to turn code into token

javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

我试图通过添加安全证书来解决它,如以下链接https://hub.docker.com/r/jboss/keycloak/所示,在设置 TLS(SSL) 部分中,解决方案由@Vsoma 在此链接Keycloak SSL setup using docker image并将 Keycloak 服务的卷添加到容器到 docker-compose-yml 中,如下所示:

volumes:
  - /var/run/docker.sock:/var/run/docker.sock
  - ./themes/mytheme:/opt/jboss/keycloak/themes/mytheme
  - ./keycloak/certs:/etc/x509/https

并在standalone.xml中添加这一行:

<socket-binding name = "proxy-https" port = "443"/>

这不是一个确定的答案,但我认为这是解决问题的重大进步。

于 2021-04-22T16:49:11.133 回答