Problem description
I am trying to get a basic example of ShinyProxy working with Keycloak. This is my Dockerfile:
FROM openjdk:11-jre
RUN mkdir -p /opt/shinyproxy/
RUN wget https://www.shinyproxy.io/downloads/shinyproxy-2.3.1.jar -O /opt/shinyproxy/shinyproxy.jar
COPY application.yml /opt/shinyproxy/application.yml
WORKDIR /opt/shinyproxy/
CMD ["java","-jar","/opt/shinyproxy/shinyproxy.jar"]
This is my docker-compose.yml:
version: "3.7"
services:
  mysql:
    image: mysql:5.7
    volumes:
      - mysqldata:/var/lib/mysql
    environment:
      MYSQL_ROOT_PASSWORD: root
      MYSQL_DATABASE: keycloak
      MYSQL_USER: keycloak
      MYSQL_PASSWORD: password
  keycloak:
    image: quay.io/keycloak/keycloak:latest
    environment:
      DB_VENDOR: mysql
      DB_ADDR: mysql
      DB_DATABASE: keycloak
      DB_USER: keycloak
      DB_PASSWORD: password
      KEYCLOAK_USER: admin
      KEYCLOAK_PASSWORD: Pa55w0rd
      PROXY_ADDRESS_FORWARDING: 'true'
    ports:
      - 8010:8080
    #networks:
    #  - shinyproxy-net
    depends_on:
      - mysql
  shinyproxy:
    build: .
    image: shinyproxy
    ports:
      - '8020:8080'
    networks:
      - shinyproxy-net
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
networks:
  shinyproxy-net:
    external: true
volumes:
  mysqldata:
    driver: local
This is my application.yml:
proxy:
  port: 8080
  authentication: keycloak
  useForwardHeaders: true # not sure if necessary or not
  admin-groups: admins
  keycloak:
    realm: shinyproxy
    auth-server-url: http://localhost:8010/auth
    resource: shinyproxy
    credentials-secret: aa205d81-ae00-4b59-bca6-4c41074c633c
  docker:
    internal-networking: true
  specs:
  - id: 01_hello
    display-name: Hello Application
    description: Application which demonstrates the basics of a Shiny app
    container-cmd: ["R","-e","shinyproxy::run_01_hello()"]
    container-image: openanalytics/shinyproxy-demo
    container-network: shinyproxy-net
  - id: 06_tabsets
    container-cmd: ["R","-e","shinyproxy::run_06_tabsets()"]
    container-image: openanalytics/shinyproxy-demo
    container-network: shinyproxy-net
logging:
  file:
    shinyproxy.log
When I go to http://localhost:8020/ and authenticate as a user created at http://localhost:8010/, I get a "too many redirects" error.
What am I doing wrong?
Solution
I have the same problem and have investigated it a lot... I have noticed what the error behind "too many redirects" is:
ERROR 1 --- [ XNIO-1 task-1] o.k.adapters.OAuthRequestAuthenticator: failed to turn code into token
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
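I have tried to solve it by adding security certificates, as shown at the following link https://hub.docker.com/r/jboss/keycloak/ in the Setting up TLS(SSL) section, using the solution pointed out by @Vsoma in this link {{3 }} and adding volumes to the Keycloak service container, as follows:
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./themes/mytheme:/opt/jboss/keycloak/themes/mytheme
      - ./keycloak/certs:/etc/x509/https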
And adding this line in standalone.xml:
<socket-binding name="proxy-https" port="443"/>
This is not a definitive answer, but I think it is a significant step towards solving the problem.
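
To check whether a redirect loop has the cause the answer found, the added example below (not part of the original question or answer) scans ShinyProxy log text for the `failed to turn code into token` error and classifies the exception that follows it. The sample log is constructed around the two lines quoted in the answer; the `Connection refused` case and the cause labels are assumptions that go beyond the post.

```python
import re
from collections import Counter

# Constructed sample: the two lines quoted in the answer plus invented neighbours.
SAMPLE_LOG = """\
INFO 1 --- [ XNIO-1 task-1] constructed.Logger: request received
ERROR 1 --- [ XNIO-1 task-1] o.k.adapters.OAuthRequestAuthenticator: failed to turn code into token
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
\tat constructed.Frame.method(Frame.java:1)
ERROR 1 --- [ XNIO-1 task-2] o.k.adapters.OAuthRequestAuthenticator: failed to turn code into token
java.net.ConnectException: Connection refused (Connection refused)
"""

MARKER = "failed to turn code into token"
EXC_RE = re.compile(r"^(?P<cls>[A-Za-z_][\w.$]*(?:Exception|Error)): (?P<msg>.*)$")

# Assumed mapping from exception text to a likely cause (labels are this example's own).
CAUSES = [
    ("PKIX path building failed", "issuer-not-in-jvm-truststore"),
    ("Connection refused", "auth-server-url-unreachable-from-container"),
]

def classify(cls, msg):
    for needle, label in CAUSES:
        if needle in msg:
            return label
    return "other:" + cls

def triage(log_text):
    """Return (line_number, cause) for every failed code-to-token exchange."""
    lines = log_text.splitlines()
    findings = []
    for i, line in enumerate(lines):
        if MARKER not in line:
            continue
        cause = "no-exception-logged"
        for nxt in lines[i + 1:]:
            m = EXC_RE.match(nxt)
            if m:
                cause = classify(m["cls"], m["msg"])
                break
            if not nxt[:1].isspace():  # next log record reached: stop looking
                break
        findings.append((i + 1, cause))
    return findings

def summarize(log_text):
    return Counter(cause for _, cause in triage(log_text))

if __name__ == "__main__":
    for lineno, cause in triage(SAMPLE_LOG):
        print(f"line {lineno}: {cause}")
```

Run it against the contents of the `shinyproxy.log` file configured under `logging.file` in application.yml to see which cause dominates.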