我尝试了很多次来了解发生了什么,但我厌倦了尝试却一无所获!
我从https://github.com/heyValdemar/keycloak-traefik-letsencrypt-docker-compose.git
下载了一个 docker-compose 文件,并更改了一些属性,例如主机名和电子邮件。
这是我的 Compose 文件:
这里我们有 2 个数据库,一个用于备份,一个用于 keycloak 生产、traefik 和 keycloak。
我注释掉了 https 重定向的配置行,目前我不使用证书。
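# Both networks are declared external: Compose does not create them, so they
# must already exist on the host before the stack is started.
# Only the keycloak service joins both; postgres and backups stay on
# keycloak-network, and traefik stays on traefik-network.
networks:
  keycloak-network:
    external: true
  traefik-network:
    external: true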
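# Named volumes. traefik-certificates stores acme.json (ACME account key and
# issued certificates) and keycloak-database-backups stores the pg_dump
# output, so both hold secrets at rest.
volumes:
  keycloak-postgres:
  keycloak-postgres-backup:
  keycloak-database-backups:
  traefik-certificates: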
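services:
  # PostgreSQL backing store for Keycloak. No `ports:` are published, so it is
  # reachable only from containers attached to keycloak-network.
  postgres:
    image: ${KEYCLOAK_POSTGRES_IMAGE_TAG}
    volumes:
      - keycloak-postgres:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: ${KEYCLOAK_DB_NAME}
      POSTGRES_USER: ${KEYCLOAK_DB_USER}
      # Passed as a plain environment variable, so it is readable through
      # `docker inspect`; the official postgres image also accepts
      # POSTGRES_PASSWORD_FILE when a secret file is preferred.
      POSTGRES_PASSWORD: ${KEYCLOAK_DB_PASSWORD}
    networks:
      - keycloak-network
    healthcheck:
      test: ["CMD", "pg_isready", "-q", "-d", "${KEYCLOAK_DB_NAME}", "-U", "${KEYCLOAK_DB_USER}"]
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 60s
    restart: unless-stopped

  # Keycloak, meant to be reached through Traefik only: no host port is
  # published, and it is the one service attached to both networks.
  keycloak:
    image: ${KEYCLOAK_IMAGE_TAG}
    environment:
      KEYCLOAK_DATABASE_VENDOR: ${KEYCLOAK_DB_TYPE}
      KEYCLOAK_DATABASE_HOST: postgres
      # Quoted so the value stays a string, like the other env values here.
      KEYCLOAK_DATABASE_PORT: '5432'
      KEYCLOAK_DATABASE_NAME: ${KEYCLOAK_DB_NAME}
      KEYCLOAK_DATABASE_USER: ${KEYCLOAK_DB_USER}
      KEYCLOAK_DATABASE_PASSWORD: ${KEYCLOAK_DB_PASSWORD}
      KEYCLOAK_DATABASE_SCHEMA: public
      KEYCLOAK_ADMIN_USER: ${KEYCLOAK_ADMIN_USERNAME}
      KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
      # NOTE(review): if these switch on Keycloak's health and metrics
      # endpoints, they are served on the same port 8080 that the Traefik
      # router forwards to; confirm they are not reachable from outside.
      KEYCLOAK_ENABLE_HEALTH_ENDPOINTS: 'true'
      KEYCLOAK_ENABLE_STATISTICS: 'true'
      KC_HOSTNAME: ${KEYCLOAK_HOSTNAME}
      # Plain HTTP between Traefik and Keycloak, with Keycloak trusting the
      # proxy's forwarded headers (KC_PROXY: edge). That is only safe while
      # port 8080 of this container is reachable exclusively through Traefik.
      KC_PROXY: edge
      KC_PROXY_ADDRESS_FORWARDING: 'true'
      KC_HTTP_ENABLED: 'true'
      # NOTE(review): non-strict hostname handling may let the request's Host
      # header influence generated URLs; consider 'true' outside a lab.
      KC_HOSTNAME_STRICT: 'false'
    networks:
      - keycloak-network
      - traefik-network
    healthcheck:
      # Succeeds as soon as something accepts TCP connections on port 8080.
      test: timeout 10s bash -c ':> /dev/tcp/127.0.0.1/8080' || exit 1
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 90s
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.keycloak.rule=Host(`${KEYCLOAK_HOSTNAME}`)"
      - "traefik.http.routers.keycloak.service=keycloak"
      # NOTE(review): this router is bound to the plain-HTTP entrypoint `web`
      # (:80) but also sets tls=true below. Traefik v2 dedicates a router that
      # has a TLS section to HTTPS requests only, so plain-HTTP requests on
      # :80 will not match it. Either bind the router to `websecure` with a
      # working certificate, or drop the two tls labels while testing without
      # certificates. The letsencrypt resolver can presumably not issue a
      # certificate for a name that only resolves through a local hosts file.
      - "traefik.http.routers.keycloak.entrypoints=web"
      - "traefik.http.services.keycloak.loadbalancer.server.port=8080"
      - "traefik.http.routers.keycloak.tls=true"
      - "traefik.http.routers.keycloak.tls.certresolver=letsencrypt"
      - "traefik.http.services.keycloak.loadbalancer.passhostheader=true"
      - "traefik.http.routers.keycloak.middlewares=compresstraefik"
      - "traefik.http.middlewares.compresstraefik.compress=true"
      - "traefik.docker.network=traefik-network"
    restart: unless-stopped
    depends_on:
      postgres:
        condition: service_healthy

  # Traefik reverse proxy: the only service that publishes host ports.
  traefik:
    image: ${TRAEFIK_IMAGE_TAG}
    command:
      - "--log.level=${TRAEFIK_LOG_LEVEL}"
      - "--accesslog=true"
      - "--api.dashboard=true"
      # NOTE(review): insecure mode serves the API and dashboard without
      # authentication on Traefik's internal `traefik` entrypoint (port
      # 8080), bypassing the basic-auth middleware attached to the dashboard
      # router below. The host mapping restricts it to 127.0.0.1, but other
      # containers on traefik-network can still reach it. Turn it off once
      # the routed dashboard works.
      - "--api.insecure=true"
      - "--ping=true"
      - "--ping.entrypoint=ping"
      - "--entryPoints.ping.address=:8082"
      - "--entryPoints.web.address=:80"
      - "--entryPoints.websecure.address=:443"
      - "--providers.docker=true"
      - "--providers.docker.endpoint=unix:///var/run/docker.sock"
      # Containers are ignored unless they carry traefik.enable=true.
      - "--providers.docker.exposedByDefault=false"
      - "--certificatesresolvers.letsencrypt.acme.tlschallenge=true"
      - "--certificatesresolvers.letsencrypt.acme.email=${TRAEFIK_ACME_EMAIL}"
      - "--certificatesresolvers.letsencrypt.acme.storage=/etc/traefik/acme/acme.json"
      - "--metrics.prometheus=true"
      - "--metrics.prometheus.buckets=0.1,0.3,1.2,5.0"
      - "--global.checkNewVersion=true"
      - "--global.sendAnonymousUsage=false"
    volumes:
      # NOTE(review): access to the Docker socket is effectively root on the
      # host. Traefik only needs to read container metadata, so consider a
      # read-only mount and/or a filtering socket proxy in front of it.
      - /var/run/docker.sock:/var/run/docker.sock
      - traefik-certificates:/etc/traefik/acme
    networks:
      - traefik-network
    ports:
      # 8080 (API/dashboard in insecure mode) is bound to loopback only;
      # 80 and 443 listen on every host interface.
      - "127.0.0.1:8080:8080"
      - "80:80"
      - "443:443"
    healthcheck:
      test: ["CMD", "wget", "http://localhost:8082/ping", "--spider"]
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 5s
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dashboard.rule=Host(`${TRAEFIK_HOSTNAME}`)"
      - "traefik.http.routers.dashboard.service=api@internal"
      # NOTE(review): same mismatch as on the keycloak router; `web` is the
      # plain-HTTP entrypoint while tls=true restricts the router to HTTPS.
      - "traefik.http.routers.dashboard.entrypoints=web"
      - "traefik.http.services.dashboard.loadbalancer.server.port=8080"
      - "traefik.http.routers.dashboard.tls=true"
      - "traefik.http.routers.dashboard.tls.certresolver=letsencrypt"
      - "traefik.http.services.dashboard.loadbalancer.passhostheader=true"
      # Basic auth applies to this router only, not to insecure mode on 8080.
      - "traefik.http.routers.dashboard.middlewares=authtraefik"
      - "traefik.http.middlewares.authtraefik.basicauth.users=${TRAEFIK_BASIC_AUTH}"
      # NOTE(review): with the redirect middleware commented out, this
      # catch-all router matches every Host on :80 and names no service;
      # check in the dashboard which service it actually resolves to.
      - "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.entrypoints=web"
      # - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
      # - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
    restart: unless-stopped

  # Periodic pg_dump loop writing gzip archives to the backups volume and
  # pruning files older than KEYCLOAK_POSTGRES_BACKUP_PRUNE_DAYS days.
  # NOTE(review): the status of `pg_dump | gzip` is gzip's, so a failed dump
  # can still leave a near-empty .gz file while the loop carries on; verify
  # backups by restoring them. The dumps are unencrypted and presumably
  # include Keycloak's credential hashes and realm keys, so restrict access
  # to the keycloak-database-backups volume.
  backups:
    image: ${KEYCLOAK_POSTGRES_IMAGE_TAG}
    command: >-
      sh -c 'sleep $KEYCLOAK_BACKUP_INIT_SLEEP &&
      while true; do
      pg_dump -h postgres -p 5432 -d $KEYCLOAK_DB_NAME -U $KEYCLOAK_DB_USER | gzip > $KEYCLOAK_POSTGRES_BACKUPS_PATH/$KEYCLOAK_POSTGRES_BACKUP_NAME-$(date "+%Y-%m-%d_%H-%M").gz &&
      find $KEYCLOAK_POSTGRES_BACKUPS_PATH -type f -mtime +$KEYCLOAK_POSTGRES_BACKUP_PRUNE_DAYS | xargs rm -f &&
      sleep $KEYCLOAK_BACKUP_INTERVAL; done'
    volumes:
      - keycloak-postgres-backup:/var/lib/postgresql/data
      - keycloak-database-backups:${KEYCLOAK_POSTGRES_BACKUPS_PATH}
    environment:
      KEYCLOAK_DB_NAME: ${KEYCLOAK_DB_NAME}
      KEYCLOAK_DB_USER: ${KEYCLOAK_DB_USER}
      # pg_dump reads the database password from PGPASSWORD.
      PGPASSWORD: ${KEYCLOAK_DB_PASSWORD}
      KEYCLOAK_BACKUP_INIT_SLEEP: ${KEYCLOAK_BACKUP_INIT_SLEEP}
      KEYCLOAK_BACKUP_INTERVAL: ${KEYCLOAK_BACKUP_INTERVAL}
      KEYCLOAK_POSTGRES_BACKUP_PRUNE_DAYS: ${KEYCLOAK_POSTGRES_BACKUP_PRUNE_DAYS}
      KEYCLOAK_POSTGRES_BACKUPS_PATH: ${KEYCLOAK_POSTGRES_BACKUPS_PATH}
      KEYCLOAK_POSTGRES_BACKUP_NAME: ${KEYCLOAK_POSTGRES_BACKUP_NAME}
    networks:
      - keycloak-network
    restart: unless-stopped
    depends_on:
      postgres:
        condition: service_healthy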
这是我的环境变量:
与下载的一样,仅更改 TRAEFIK_HOSTNAME 和 KEYCLOAK_HOSTNAME。电子邮件我留空给你们看。
我将这两个主机名添加到我的 Windows 主机文件中。
# Traefik Variables
TRAEFIK_IMAGE_TAG=traefik:2.9
TRAEFIK_LOG_LEVEL=WARN
# Left empty by the author for this post; the ACME resolver in the Compose
# file reads it as the account e-mail.
TRAEFIK_ACME_EMAIL=
TRAEFIK_HOSTNAME=traefik.keycloak.labs.net
# Basic Authentication for Traefik Dashboard
# Username: traefikadmin
# Passwords must be encoded using MD5, SHA1, or BCrypt https://hostingcanada.org/htpasswd-generator/
# NOTE(review): of the three, prefer BCrypt; MD5 and SHA1 hashes are far
# cheaper to brute-force if this file leaks. Generating the hash locally (for
# example with `htpasswd -nB <user>`) avoids typing the password into a
# third-party website.
# NOTE(review): per the author this value is the unchanged template default,
# so it is public; generate a new hash before exposing the dashboard.
TRAEFIK_BASIC_AUTH=traefikadmin:$$2y$$10$$sMzJfirKC75x/hVpiINeZOiSm.Jkity9cn4KwNkRvO7hSQVFc5FLO
# Keycloak Variables
KEYCLOAK_POSTGRES_IMAGE_TAG=postgres:14
KEYCLOAK_IMAGE_TAG=bitnami/keycloak:22.0.1
KEYCLOAK_DB_TYPE=postgresql
KEYCLOAK_DB_NAME=keycloakdb
KEYCLOAK_DB_USER=keycloakdbuser
# NOTE(review): the database and admin passwords below are, per the author,
# the unchanged template defaults and therefore public. Replace both before
# the stack is reachable beyond a local lab, and keep the real .env file out
# of version control.
KEYCLOAK_DB_PASSWORD=EqhvLbsPhrkkZjcaGWcV7qT
KEYCLOAK_ADMIN_USERNAME=keycloakadmin
KEYCLOAK_ADMIN_PASSWORD=rwXPqspCABJzqh47i723wf9
KEYCLOAK_HOSTNAME=keycloak.labs.net
# Not referenced by the Compose file shown in this post.
KEYCLOAK_LOG_LEVEL=WARN
# Backup Variables
# The backups container sleeps INIT_SLEEP before the first dump, then dumps
# every INTERVAL and prunes files older than PRUNE_DAYS days.
KEYCLOAK_BACKUP_INIT_SLEEP=30m
KEYCLOAK_BACKUP_INTERVAL=24h
KEYCLOAK_POSTGRES_BACKUP_PRUNE_DAYS=7
KEYCLOAK_POSTGRES_BACKUPS_PATH=/srv/keycloak-postgres/backups
KEYCLOAK_POSTGRES_BACKUP_NAME=keycloak-postgres-backup
我访问 Traefik 没有问题,但是当我尝试访问 Keycloak 时,我只收到:ERR_NAME_NOT_RESOLVED 或 404 页面未找到。
localhost:8080/admin 或者 keycloak.labs.net/admin
我已经阅读了所有这篇文章:https://www.keycloak.org/getting-started/getting-started-docker
这是我所有的 docker 容器:
这是来自Keycloak的日志,我真的没有收到任何请求。尝试了很多。
尝试将端口、主机名、方法从 http 更改为 https... 尝试通过财务 ip:port 进行连接。
您同时在 traefik 后面运行 keycloak 吗?