Keycloak keystore and truststore setup with docker-compose
I am working on Keycloak for a production server. The legacy Keycloak seems not to need this, but the latest Keycloak needs to have KEYCLOAK_PRODUCTION=true enabled, and as we enable this variable the system asks us to enable KEYCLOAK_ENABLE_TLS=true as well; then we need to define the path to the truststore and keystore as well.
This is my docker compose file
    version: "3.9"
    services:
      postgres:
        container_name: postgres_blog
        image: "postgres"
        env_file:
          - ./database.dev.env
        networks:
          - backend
        volumes:
          - ./db-data:/var/lib/postgresql/data/
          - ./sql:/docker-entrypoint-initdb.d/:ro
        ports:
          - "127.0.0.1:5432:5432"
      keycloak:
        container_name: keycloak_blog
        image: "bitnami/keycloak:latest"
        # command: bash ./x509.sh
        depends_on:
          - "postgres"
        env_file:
          - ./keycloak.dev.env
        ports:
          - "127.0.0.1:8180:8080"
          - "127.0.0.1:8787:8787" # debug port
        networks:
          - backend
        volumes:
          - ./keycloak/keystore:/opt/bitnami/keycloak/certs/keycloak.keystore.jks
          - ./keycloak/truststore:/opt/bitnami/keycloak/certs/keycloak.truststore.jks
    networks:
      backend:
        name: backend
        driver: bridge
This is my keycloak.dev.env
    KEYCLOAK_CREATE_ADMIN_USER=false
    KEYCLOAK_ADMIN=admin
    KEYCLOAK_ADMIN_PASSWORD=password
    KEYCLOAK_USER= user
    KEYCLOAK_PASSWORD= password
    KEYCLOAK_PRODUCTION=true
    KEYCLOAK_ENABLE_TLS=true
    KEYCLOAK_TLS_TRUSTSTORE_FILE=opt/bitnami/keycloak/certs/keycloak.truststore.jks
    KEYCLOAK_TLS_KEYSTORE_FILE=opt/bitnami/keycloak/certs/keycloak.keystore.jks
    KEYCLOAK_TLS_TRUSTSTORE_PASSWORD=changeit
    KEYCLOAK_TLS_KEYSTORE_PASSWORD=changeit
    KEYCLOAK_TLS_CREATE_KEYSTORE=true
    DEBUG=true
    DEBUG_PORT='*:8787'
    DB_VENDOR=POSTGRES
    DB_ADDR=postgres
    DB_PORT=5432
    DB_DATABASE=keycloak
    DB_USER=dev
    DB_PASSWORD=pwd
    TZ=Asia/Kathmandu
And this is my database.dev.env
    POSTGRES_USER="dev"
    POSTGRES_PASSWORD="pwd"
    POSTGRES_DB="keycloak"
And when I run the docker-compose up command, this error message pops up at the end and the keycloak container exits.
    keycloak_blog | 2022-06-01 14:39:13,319 INFO [org.infinispan.CLUSTER] (main) ISPN000080: Disconnecting JGroups channel `ISPN`
    keycloak_blog | 2022-06-01 14:39:13,494 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: Failed to start server in (production) mode
    keycloak_blog | 2022-06-01 14:39:13,495 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: Is a directory
    keycloak_blog | 2022-06-01 14:39:13,495 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) For more details run the same command passing the '--verbose' option. Also you can use '--help' to see the details about the usage of the particular command.
    keycloak_blog exited with code 1
NOTE: I am using a Docker container on a Windows system.
I have implemented all of these, yet the error message is being logged when I attempt to run the server. Really stuck on this one; any help would be appreciated! Thanks in advance.
Comments (1)
Couple of things I stumbled upon in your configuration:
- keycloak.dev.env: KEYCLOAK_TLS_TRUSTSTORE_FILE and KEYCLOAK_TLS_KEYSTORE_FILE lack the root / in their path.
- docker-compose.yml: I am surprised about your attempt to map a relative path to your keystore/truststore (you might find this discussion helpful: How to mount a single file in a volume)
"Is a directory", you might want to double-check your volume mount points.
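
A preflight check for the two points raised in the comment above, as an added example (not code from the post, Keycloak or Bitnami): it flags store paths that are not absolute and bind-mount sources that are not regular files on the host. The function names and the temporary host tree are constructed for illustration, and the demo assumes that `./keycloak/keystore` and `./keycloak/truststore` are directories on the host.

```python
import os
import posixpath
import tempfile

TLS_FILE_VARS = ("KEYCLOAK_TLS_KEYSTORE_FILE", "KEYCLOAK_TLS_TRUSTSTORE_FILE")

def check_tls_mounts(volumes, env, project_dir):
    """Return findings for short-syntax bind mounts ('host:container[:mode]')."""
    findings = []
    # Strip an optional mode, then split on the last ':' (container paths have none).
    mounts = [v.removesuffix(":ro").removesuffix(":rw").rsplit(":", 1) for v in volumes]
    for var in TLS_FILE_VARS:
        raw = env.get(var, "")
        if not raw.startswith("/"):
            findings.append(f"{var}: '{raw}' is not absolute (missing leading /)")
        path = posixpath.normpath("/" + raw.lstrip("/"))
        for host, target in mounts:
            target = posixpath.normpath(target)
            source = os.path.normpath(os.path.join(project_dir, host))
            if target == path and not os.path.isfile(source):
                # Docker creates a missing source as a directory, so the container
                # sees a directory where Keycloak expects a keystore file.
                findings.append(f"{var}: host source '{host}' is not a regular file")
            elif path.startswith(target + "/"):
                inner = os.path.join(source, posixpath.relpath(path, target))
                if not os.path.isfile(inner):
                    findings.append(f"{var}: '{host}' does not contain the store file")
    return findings

# Volume and env values copied from the question.
VOLUMES = [
    "./keycloak/keystore:/opt/bitnami/keycloak/certs/keycloak.keystore.jks",
    "./keycloak/truststore:/opt/bitnami/keycloak/certs/keycloak.truststore.jks",
]
ENV = {
    "KEYCLOAK_TLS_KEYSTORE_FILE": "opt/bitnami/keycloak/certs/keycloak.keystore.jks",
    "KEYCLOAK_TLS_TRUSTSTORE_FILE": "opt/bitnami/keycloak/certs/keycloak.truststore.jks",
}

def demo():
    """Run the check against a constructed host tree where both sources are directories."""
    with tempfile.TemporaryDirectory() as project:
        for name in ("keystore", "truststore"):
            os.makedirs(os.path.join(project, "keycloak", name))
        return check_tls_mounts(VOLUMES, ENV, project)

if __name__ == "__main__":
    print("\n".join(demo()))
```

The check also accepts a mount of the whole certs directory, in which case it looks for the store file inside the host directory.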