我有一个域名example.org.
我让docker在那里运行,Traefik作为代理。现在我想设置Keycloft。我想访问auth.example.org上的Keycloft。这是我的配置(docker compose(:
keycloak:
image: quay.io/keycloak/keycloak
restart: always
command: start
environment:
KC_PROXY_ADDRESS_FORWARDING: true
KC_HOSTNAME_STRICT: false
KC_HOSTNAME: auth.example.org
KC_HOSTNAME_PORT: 443
KC_HTTP_ENABLED: true
KC_DB: postgres
KC_DB_URL: jdbc:postgresql://postgres:5432/keycloak?ssl=allow
KC_DB_USERNAME: root
KC_DB_PASSWORD: password
KEYCLOAK_ADMIN: admin
KEYCLOAK_ADMIN_PASSWORD: password
labels:
- "traefik.http.routers.cloud-network-keycloak.rule=Host(`auth.example.org`)"
- "traefik.http.routers.cloud-network-keycloak.entrypoints=websecure"
- "traefik.http.routers.cloud-network-keycloak.tls.certresolver=letsencryptresolver"
- "traefik.http.routers.cloud-network-keycloak.tls=true"
- "traefik.http.services.cloud-network-keycloak.loadbalancer.server.port=8080"
depends_on:
postgres:
condition: service_healthy
networks:
- internal
- traefik
然而,在https://auth.example.org/admin/master/console/上加载Keycloft管理控制台会在浏览器中引发一个错误:
网址:https://auth.example.org/realms/master/protocol/openid-connect/login-status-iframe.html/init?client_id=security-管理控制台&origin=https%3A%2F%2Auth.example.org状态:403
我不知道。。。如何解决这个问题?
为了让Keycapture在端口443上正确响应,我需要删除KC_HOSTNAME_PORT配置,剩下的是:
version: "3"
services:
traefik:
image: docker.io/traefik
command:
- --api.insecure=true
- --providers.docker
- --entrypoints.web.address=:80
- --entrypoints.web-secure.address=:443
ports:
- "127.0.0.1:8080:8080"
- "80:80"
- "443:443"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
keycloak:
image: quay.io/keycloak/keycloak
restart: always
command: start
environment:
KC_PROXY_ADDRESS_FORWARDING: "true"
KC_HOSTNAME_STRICT: "false"
KC_HOSTNAME: auth.example.com
KC_PROXY: edge
KC_HTTP_ENABLED: "true"
KC_DB: postgres
KC_DB_URL: jdbc:postgresql://postgres:5432/$POSTGRES_DB?ssl=allow
KC_DB_USERNAME: $POSTGRES_USER
KC_DB_PASSWORD: $POSTGRES_PASSWORD
KEYCLOAK_ADMIN: admin
KEYCLOAK_ADMIN_PASSWORD: password
labels:
- "traefik.http.routers.cloud-network-keycloak.rule=Host(`auth.example.com`)"
- "traefik.http.routers.cloud-network-keycloak.tls=true"
- "traefik.http.services.cloud-network-keycloak.loadbalancer.server.port=8080"
postgres:
image: docker.io/postgres:14
environment:
POSTGRES_USER: $POSTGRES_USER
POSTGRES_PASSWORD: $POSTGRES_PASSWORD
POSTGRES_DB: $POSTGRES_DB
当我作为https://auth.example.com.如果我重新介绍KC_HOSTNAME_PORT设置,我得到相同的";"无限纺车";您在中报告的你的问题。