I have been using Curity in Docker for some time now.
Today, after watching the Curity Identity Server 7.2 Release Webinar video, I wanted to try EdDSA.
So I created a new container as usual, but this time I could not complete the basic setup. Curity runs behind Traefik, and Traefik forwards the UI requests to curity_container:6749.
These are the logs.
I uploaded my license in the UI and used the default settings. (Honestly, I don't know how to connect to the PG container, because I cannot find postgres-create_database.sql anywhere inside the Curity container.)
2022-07-20T04:40:22:729+0000 WARN {conf-Thread-12-58} se.curity.identityserver.licensing.LicenseManager - The License JWT does not contain the expected parts
2022-07-20T04:40:22:729+0000 WARN {conf-Thread-12-58} se.curity.identityserver.licensing.LicenseManager -
*********************************************************************************
No valid license has been found. The Server will NOT work normally without a license,
it is advisable that you get a license for this server as soon as possible.
*********************************************************************************
2022-07-20T04:40:22:729+0000 WARN {conf-Thread-12-58} se.curity.identityserver.licensing.LicenseManager - No valid license has been provided
2022-07-20T04:40:22:737+0000 INFO {conf-Thread-12-58} se.curity.identityserver.event.EventBusImplFactoryInjector - Starting EventBus without any EventListeners configured
2022-07-20T04:40:22:740+0000 INFO {conf-super-app-server-BixNNLvj-c5500ce30ca5} se.curity.identityserver.config.ConfDConnection - Thread conf-Thread-12-58 is connected to the Configuration Service
2022-07-20T04:40:22:740+0000 INFO {server-start-stop-5} se.curity.identityserver.jetty.AppServer.AdminApiServerLifecycleManager - Starting HTTP server (run 1)
2022-07-20T04:40:22:867+0000 INFO {app-server-AdminApiServerLifecycleManager} se.curity.identityserver.jetty.AppServer.AdminApiServerLifecycleManager - Listening on 0.0.0.0:6749
2022-07-20T04:40:30:056+0000 WARN agbbC7En {req-80} se.curity.identityserver.errors.SystemRuntimeException - se.curity.identityserver.errors.ServiceUnavailableException@67c97b7a[_httpStatus=503,_errorMessageId=system.status.service-unavailable,_errorCode=generic_error,_errorDescription=]
2022-07-20T04:40:58:601+0000 INFO {maapi-connection-manager-1} se.curity.identityserver.adminapi.operations.Create - create failed with exception: error.validation.out-of-range
2022-07-20T04:40:58:601+0000 INFO WQM4ONhN {req-78} se.curity.identityserver.adminapi.operations.Create - create failed with exception: error.validation.out-of-range
2022-07-20T04:40:58:608+0000 INFO k8e6C3iW {req-78} se.curity.identityserver.adminapi.operations.Create - create failed with exception: error.validation.out-of-range
2022-07-20T04:40:58:647+0000 INFO {maapi-connection-manager-1} se.curity.identityserver.adminapi.operations.Create - create failed with exception: error.validation.out-of-range
2022-07-20T04:40:58:702+0000 INFO {maapi-connection-manager-1} se.curity.identityserver.adminapi.operations.Create - create failed with exception: error.validation.out-of-range
2022-07-20T04:40:58:762+0000 INFO hFcEIqOT {req-82} se.curity.identityserver.adminapi.operations.Create - create failed with exception: error.validation.out-of-range
My docker compose looks like this:
curity:
  image: curity.azurecr.io/curity/idsvr
  container_name: curity
  restart: always
  environment:
    PASSWORD:
  networks:
    - proxy
Does anyone know what this error means and how to get past it?
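As an added example (not from the post above and not Curity's own tooling), here is a small Python triage script that parses the log line layout quoted in the question and counts the startup findings a defender would want to see at a glance; the finding names are this example's own labels, not Curity terminology.

```python
import re
from collections import Counter

# Curity Identity Server log line layout, as seen in the question above:
#   <timestamp> <LEVEL> [<request-id>] {<thread>} <logger> - <message>
# The request id only appears on request-scoped lines (those with a {req-N} thread).
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<level>[A-Z]+) (?:(?P<reqid>\S+) )?"
    r"\{(?P<thread>[^}]*)\} (?P<logger>\S+) - (?P<msg>.*)$"
)

# Message fragments worth flagging during a first startup, mapped to a finding name
# (the names are this example's own labels, not Curity terminology).
SIGNATURES = [
    ("No valid license", "license_missing"),
    ("_httpStatus=503", "runtime_returned_503"),
    ("error.validation.out-of-range", "admin_api_validation_error"),
]

def parse_line(line):
    """Return the fields of one log line, or None for banner and continuation lines."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None

def triage(lines):
    """Summarise startup logs: admin API listen address, finding counts, request ids that failed."""
    report = {"admin_listen": None, "findings": Counter(), "failed_requests": set()}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # the asterisk banner and wrapped lines carry no fields
        if rec["msg"].startswith("Listening on "):
            report["admin_listen"] = rec["msg"].rsplit(" ", 1)[-1]
        for needle, name in SIGNATURES:
            if needle in rec["msg"]:
                report["findings"][name] += 1
                if rec["reqid"]:
                    report["failed_requests"].add(rec["reqid"])
    return report

# Sample input: a subset of the lines quoted in the question, plus one banner line.
SAMPLE_LOG = """\
2022-07-20T04:40:22:729+0000 WARN {conf-Thread-12-58} se.curity.identityserver.licensing.LicenseManager - No valid license has been provided
*********************************************************************************
2022-07-20T04:40:22:867+0000 INFO {app-server-AdminApiServerLifecycleManager} se.curity.identityserver.jetty.AppServer.AdminApiServerLifecycleManager - Listening on 0.0.0.0:6749
2022-07-20T04:40:30:056+0000 WARN agbbC7En {req-80} se.curity.identityserver.errors.SystemRuntimeException - se.curity.identityserver.errors.ServiceUnavailableException@67c97b7a[_httpStatus=503,_errorMessageId=system.status.service-unavailable,_errorCode=generic_error,_errorDescription=]
2022-07-20T04:40:58:601+0000 INFO {maapi-connection-manager-1} se.curity.identityserver.adminapi.operations.Create - create failed with exception: error.validation.out-of-range
2022-07-20T04:40:58:601+0000 INFO WQM4ONhN {req-78} se.curity.identityserver.adminapi.operations.Create - create failed with exception: error.validation.out-of-range
""".splitlines()
```

Run `triage(SAMPLE_LOG)` (or feed it the output of `docker logs curity`) to get the listen address, the per-finding counts and the request ids that hit an error.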
Glad to see you have already resolved your issue; here are some further notes that may help you understand what happened and work more productively:
LOGIN ERROR
It looks like Traefik is somehow blocking the way the Identity Server pushes configuration updates from the admin node to the runtime nodes. By default a listener is created on port 6789, and in your case this seems to fail. I have not used the Curity Identity Server behind Traefik, but see whether you can prevent it from interfering with this port, or with just the Identity Server container.
Consider adding a more detailed log level during development, which will help with troubleshooting certain kinds of problems. This is one of the approaches recommended in OAuth Developer Troubleshooting.
curity:
  image: curity.azurecr.io/curity/idsvr
  container_name: curity
  restart: always
  environment:
    PASSWORD: MyPassword
    LOGGING_LEVEL: DEBUG
  networks:
    - proxy
POSTGRES
The script that creates the Postgres schema is present in the deployed Curity Identity Server Docker container:
export IDSVR_CONTAINER_ID=$(docker ps | grep idsvr | awk '{print $1}')
docker exec -it $IDSVR_CONTAINER_ID bash -c "ls /opt/idsvr/etc"
In the Admin UI, under the Facilities / Default Data Source menu item, you can configure the Postgres connection like this:
<data-source>
  <id>default-datasource</id>
  <jdbc xmlns="https://curity.se/ns/ext-conf/jdbc">
    <connection-string>jdbc:mypostgres-container://dbserver/idsvr</connection-string>
    <driver>org.postgresql.Driver</driver>
    <password>MySecr3t</password>
    <use-for-audit>true</use-for-audit>
    <username>postgres</username>
  </jdbc>
</data-source>
You can deploy Postgres and run the schema script like this; the script can include data such as backed-up user accounts:
curity-data:
  image: postgres:13.2
  hostname: mypostgres-container
  volumes:
    - ./components/idsvr/postgres-create_database.sql:/docker-entrypoint-initdb.d/data-backup.sql
  environment:
    POSTGRES_USER: 'postgres'
    POSTGRES_PASSWORD: 'MySecr3t'
    POSTGRES_DB: 'idsvr'
See these resources, which use Postgres and deploy backed-up user accounts:
- The Kubernetes Demo Installation article has some notes on backing up and restoring data
- The SPA deployment uses a Docker Compose based deployment with Postgres