如何配置容器化的Keycloak-gatekeeper充当反向代理?

时间:2019-10-16 08:30:27

标签: docker docker-compose keycloak keycloak-gatekeeper

我想完成以下配置以为Web服务器提供身份验证和授权:

enter image description here

每个服务器是一个单独的Docker容器。 特别是,我使用以下docker-compose.yml

version: '3'

volumes:
  mysql_data:
    driver: local

services:
  apache:
    image: bitnami/apache:2.4
  mysql:
      image: mysql:5.7
      volumes:
        - mysql_data:/var/lib/mysql
      environment:
        MYSQL_ROOT_PASSWORD: root
        MYSQL_DATABASE: keycloak
        MYSQL_USER: keycloak
        MYSQL_PASSWORD: password
  keycloak:
      image: jboss/keycloak
      environment:
        DB_VENDOR: MYSQL
        DB_ADDR: mysql
        DB_DATABASE: keycloak
        DB_USER: keycloak
        DB_PASSWORD: password
        KEYCLOAK_USER: admin
        KEYCLOAK_PASSWORD: Pa55w0rd
      ports:
        - 8080:8080
      depends_on:
        - mysql
  keycloak-gatekeeper:
    image: bitnami/keycloak-gatekeeper:2-scratch
    ports:
      - '3000:3000'
    volumes:
      - ./keycloak-gatekeeper.conf:/etc/keycloak-gatekeeper.conf
    command:
      - /keycloak-proxy
      - "--config=/etc/keycloak-gatekeeper.conf"

如您所见,反向代理(Keycloak-gatekeeper)正在监听端口3000,该端口也由Docker公开。 我要完成的工作是,访问http://server_host:3000的用户将重定向到Keycloak进行身份验证,如果成功,将重定向到正在侦听端口8080的Web服务器。

这是我正在使用的keycloak-gatekeeper.conf

# is the url for retrieve the OpenID configuration - normally the <server>/auth/realm/<realm_name>
discovery-url: http://keycloak_keycloak_1:8080/auth/realms/master
# the client id for the 'client' application
client-id: gatekeeper
# the secret associated to the 'client' application
client-secret: 396af61a-b05b-417b-8153-0f827c0aab6e
# the interface definition you wish the proxy to listen, all interfaces is specified as ':<port>', unix sockets as unix://<REL_PATH>|</ABS PATH>
listen: 127.0.0.1:3000
# whether to enable refresh tokens
enable-refresh-tokens: false
# the redirection url, essentially the site url, note: /oauth/callback is added at the end
redirection-url: http://127.0.0.1:3000
# the upstream endpoint which we should proxy request
upstream-url: http://apache:8080/
secure-cookie: false
# a collection of resource i.e. urls that you wish to protect
# ======================================================================
resources:
- uri: /*
  methods:
  - GET

但是,在此配置下,访问URL http://server_host:3000时,浏览器将显示ERR_CONNECTION_REFUSED。

可能是什么问题?

1 个答案:

答案 0 :(得分:3)

127.0.0.1:3000语句中使用listen时,我遇到了同样的问题。尝试使用:3000

相关问题
最新问题