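I need help solving this problem. My goal is to call a microservice protected by Keycloak. For reasons related to my requirements, I cannot access it directly. I have to go through my Apache server to do this.
First, Keycloak, started via docker-compose.yml with these parameters... Note: Keycloak is deployed on GCP (LB + GCE). It runs in a Docker container.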
# Enabling proxy address forwarding
PROXY_ADDRESS_FORWARDING: "true"
In the middle, my Apache server with the configuration below. Note: LetsEncrypt provides my certificates.
<Proxy *>
Require all granted
</Proxy>
SSLProxyEngine on
ProxyRequests Off
ProxyPass /oidc https://[keycloakUrl] disablereuse=on
ProxyPassReverse /oidc https://[keycloakUrl] disablereuse=on
ProxyPass /MyMicroservice https://[microserviceUrl] disablereuse=on
ProxyPassReverse /MyMicroservice https://[microserviceUrl] disablereuse=on
Finally, my curl commands. Retrieving the token seems to work fine...
curl -v POST http://[myApacheUrl]/oidc/auth/realms/[myRealm]/protocol/openid-connect/token ^
--user [clientId]:[cliendSecret] ^
-H "content-type: application/x-www-form-urlencoded" ^
-d "username=[username]&password=[password]&grant_type=password"
< HTTP/1.1 200 OK
< Date: Tue, 07 Jul 2020 13:22:51 GMT
< Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/7.1.6
< Cache-Control: no-store
< X-XSS-Protection: 1; mode=block
< Pragma: no-cache
< X-Frame-Options: SAMEORIGIN
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< X-Content-Type-Options: nosniff
< Content-Type: application/json
< Content-Length: 1984
< Via: 1.1 google
< Alt-Svc: clear
< Set-Cookie: KEYCLOAK_LOCALE=; Version=1; Comment=Expiring cookie; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Max-Age=0; Path=/auth/realms/ws/; HttpOnly
< Set-Cookie: KC_RESTART=; Version=1; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Max-Age=0; Path=/auth/realms/ws/; HttpOnly
{"access_token":"eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI5ekRxUFBjWnhUTGRKNmxOcGZZbjVQUGU3QlY2WUFIZWdPYzY4V1Q0NDB3In0.eyJleHAiOjE1OTQxMjg0NzEsImlhdCI6MTU5NDEyODE3MSwianRpIjoiZGVjOTM3MjQtMmEyYy00YTRiLTk4ZDctYWYxZmIwMjY4YWI0IiwiaXNzIjoiaHR0cHM6Ly9zcnZyZTdlc3BhY2VzL2F1dGgvcmVhbG1zL3dzIiwiYXVkIjoiYWNjb3VudCIsInN1YiI6ImE4NGIwZDQwLWNiOWItNGZjNC04YWVmLTVhY2MzN ... }
Except that, when I try to use it...
curl -v GET ^
http://[myApacheUrl]/MyMicroservice/api/book/v1/books/1 ^
-H "Authorization: Bearer [myToken]"
* TCP_NODELAY set
* Connected to [myApacheUrl] (x.x.x.x) port 80 (#1)
> GET /MyMicroservice/api/book/v1/books/1 HTTP/1.1
> Host: [myApacheUrl]
> User-Agent: curl/7.55.1
> Accept: */*
> Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cC...
>
< HTTP/1.1 403 Forbidden
< Date: Tue, 07 Jul 2020 13:11:53 GMT
< Server: Google Frontend
< Content-Type: text/html
< Content-Length: 0
<
* Connection #1 to host [myApacheUrl]left intact
Any help in solving this or understanding what is happening would be appreciated.
Thanks
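
A diagnostic that fits the setup in this question, added here and not part of the original post: decode the access token's claims without verifying the signature and compare `iss`, `aud` and `exp` with what the resource server is configured to accept, since a token requested through a reverse proxy can carry the proxy-facing host in `iss`. The token, host names and audience below are constructed, and `claim_mismatches` is a hypothetical helper, not a Keycloak API.

```python
import base64
import json
import time


def _b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def decode_unverified(token):
    """Return (header, claims) WITHOUT verifying the signature: inspection only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated segments")
    return _b64url_json(parts[0]), _b64url_json(parts[1])


def claim_mismatches(claims, expected_issuer, expected_audience, now=None):
    """List the reasons a resource server with these expectations would reject."""
    now = time.time() if now is None else now
    problems = []
    if claims.get("iss") != expected_issuer:
        problems.append(f"iss {claims.get('iss')!r} != {expected_issuer!r}")
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud  # aud may be a string or a list
    if expected_audience not in aud:
        problems.append(f"aud {aud!r} lacks {expected_audience!r}")
    if claims.get("exp", 0) <= now:
        problems.append(f"expired at exp={claims.get('exp')}")
    return problems


def _seg(obj):
    """Encode a dict as an unpadded base64url JWT segment (sample data only)."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed sample token (placeholder signature), shaped like a Keycloak access token.
SAMPLE = ".".join([
    _seg({"alg": "RS256", "typ": "JWT", "kid": "constructed-kid"}),
    _seg({"exp": 1594128471, "iat": 1594128171,
          "iss": "https://proxy.example/auth/realms/demo", "aud": "account"}),
    "c2lnbmF0dXJl",
])

if __name__ == "__main__":
    header, claims = decode_unverified(SAMPLE)
    for p in claim_mismatches(claims, "https://keycloak.example/auth/realms/demo",
                              "my-microservice", now=1594128200):
        print("MISMATCH:", p)
```

This only inspects claims; the resource server must still verify the signature against the realm's published keys.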