Setting up Traefik with Keycloak returns 500
I have been dealing with this problem for several weeks, but I can't figure out what is going on. Basically, I have an application that works on port 8080 without SSL, and with nginx (SSL) and/or Keycloak. However, for some reason, I can't get it to work with Traefik.
I have looked everywhere, but I can't figure out why I get a 500 internal error when I am redirected from my application to Keycloak. I can't get to Keycloak's login page. I get a blank page. There seems to be an error in Keycloak:
ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-12) Failed to create error page: java.lang.NullPointerException
    at org.keycloak.theme.ExtendingThemeManager.loadTheme(ExtendingThemeManager.java:117)
    at org.keycloak.theme.ExtendingThemeManager.getTheme(ExtendingThemeManager.java:95)
https://keycloak.dev/auth/realms/master/protocol/openid-connect/auth?client_id=formward&state=7a50ff93-46ad-419b-8428-fc662b17aa0e&redirect_uri=http%3A%2F%2Ftravelvoucher.dev%2Fpdf%3Fauth_callback%3D1&scope=openid&response_type=code
returns 500
Here is my docker-compose.yaml:
keycloak:
  image: 'jboss/keycloak'
  container_name: keycloak
  #env_file: ./assets/keycloak.env
  #restart: unless-stopped
  depends_on:
    - keycloak_postgres
  volumes:
    #- keycloak_data:/var/lib/postgresql/keycloak
    #- ./assets/standalone.xml:/opt/jboss/keycloak/standalone/configuration/standalone.xml
    - ./cert.key:/etc/x509/https/cert.key
    - ./cert.crt:/etc/x509/https/cert.crt
  environment:
    - DB_VENDOR=POSTGRES
    - DB_ADDR=keycloak_postgres
    - DB_DATABASE=keycloak
    - DB_USER=keycloak
    - DB_SCHEMA=public
    - DB_PASSWORD=password
    - KEYCLOAK_USER=admin
    - KEYCLOAK_PASSWORD=password
    - PROXY_ADDRESS_FORWARDING=true
    - KEYCLOAK_LOGLEVEL=ERROR # DEBUG, ERROR, INFO
  ports:
    - "8443"
  expose:
    - "8080"
  labels:
    - "traefik.port=8080"
    - "traefik.frontend.rule=Host:keycloak.10.34.60.5.xip.io,keycloak.dev,keycloak.docker.localhost"
    - "traefik.docker.network=web"
    - "traefik.frontend.passHostHeader=true"
    - "traefik.frontend.headers.X-Forwarded-For=10.34.60.5"
    - "traefik.frontend.headers.X-Forwarded-Proto=https"
    - "traefik.frontend.headers.X-Forwarded-Port=443"
  networks:
    - web
    - internal
  # This command is only required if using Traefik. It's not required if using nginx.
  command: ["-b", "0.0.0.0", "-Dkeycloak.profile.feature.docker=enabled"]
keycloak_postgres:
  image: postgres
  #env_file: ./assets/keycloak.env
  #restart: unless-stopped
  volumes:
    - keycloak_data:/var/lib/postgresql/data
  environment:
    POSTGRES_DB: keycloak
    POSTGRES_USER: keycloak
    POSTGRES_PASSWORD: password
  networks:
    internal:
  expose:
    - "5432"
  labels:
    - "traefik.enable=false"
reverse-proxy:
  image: traefik # The official Traefik docker image
  container_name: traefik
  command: --api --docker # Enables the web UI and tells Traefik to listen to docker
  ports:
    - "80:80" # The HTTP port
    - "443:443"
    #- "8080:8080" # The Web UI (enabled by --api)
  expose:
    - "8080"
  volumes:
    - /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker event
    - ./assets/traefik.toml:/etc/traefik/traefik.toml
    - ./cert.key:/cert.key
    - ./cert.crt:/cert.crt
  labels:
    - "traefik.backend=traefik"
    - "traefik.frontend.rule=Host:admin.10.34.60.5.xip.io,admin.dev"
    - "traefik.port=8080"
    - "traefik.docker.network=web"
  networks:
    - web
Here is my traefik.toml configuration:
################################################################
# Global configuration
################################################################
InsecureSkipVerify = true
# Enable debug mode
#
# Optional
# Default: false
#
debug = true
# Log level
#
# Optional
# Default: "ERROR"
#
logLevel = "ERROR"
# Entrypoints to be used by frontends that do not specify any entrypoint.
# Each frontend can specify its own entrypoints.
#
# Optional
# Default: ["http"]
#
defaultEntryPoints = ["http", "https"]
################################################################
# Entrypoints configuration
################################################################
# Entrypoints definition
#
# Optional
# Default:
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[[entryPoints.https.tls.certificates]]
certFile = "/cert.crt"
keyFile = "/cert.key"
################################################################
# Traefik logs configuration
################################################################
# Traefik logs
# Enabled by default and log to stdout
#
# Optional
#
# [traefikLog]
# Sets the filepath for the traefik log. If not specified, stdout will be used.
# Intermediate directories are created if necessary.
#
# Optional
# Default: os.Stdout
#
# filePath = "log/traefik.log"
# Format is either "json" or "common".
#
# Optional
# Default: "common"
#
# format = "common"
################################################################
# Access logs configuration
################################################################
# Enable access logs
# By default it will write to stdout and produce logs in the textual
# Common Log Format (CLF), extended with additional fields.
#
# Optional
#
# [accessLog]
# Sets the file path for the access log. If not specified, stdout will be used.
# Intermediate directories are created if necessary.
#
# Optional
# Default: os.Stdout
#
# filePath = "/path/to/log/log.txt"
# Format is either "json" or "common".
#
# Optional
# Default: "common"
#
# format = "common"
################################################################
# API and dashboard configuration
################################################################
# Enable API and dashboard
[api]
# Name of the related entry point
#
# Optional
# Default: "traefik"
#
# entryPoint = "traefik"
# Enabled Dashboard
#
# Optional
# Default: true
#
# dashboard = false
################################################################
# Ping configuration
################################################################
# Enable ping
[ping]
# Name of the related entry point
#
# Optional
# Default: "traefik"
#
# entryPoint = "traefik"
################################################################
# Docker configuration backend
################################################################
# Enable Docker configuration backend
[docker]
network = "web"
watch = true
# Docker server endpoint. Can be a tcp or a unix socket endpoint.
#
# Required
# Default: "unix:///var/run/docker.sock"
#
# endpoint = "tcp://10.10.10.10:2375"
# Default domain used.
# Can be overridden by setting the "traefik.domain" label on a container.
#
# Optional
# Default: ""
#
domain = "dev"
# Expose containers by default in traefik
#
# Optional
# Default: true
#
# exposedByDefault = true
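You are accessing Keycloak's master realm with a specific configuration (client_id = formward), but it is not clear how you built this configuration; that is not mentioned. One of the possible realm configuration/build steps is extending or changing the default theme. The error message says that whatever theme is configured, Keycloak cannot find it. You may have performed the configuration manually on a running Keycloak instance and/or imported a realm with this configuration from somewhere; either way, this configuration state is not persisted (not everything Keycloak does/uses is stored in the database).
Suggestion: take a step back, compose Keycloak without Traefik, make sure it is healthy, add the configuration steps to your docker-compose, and then add Traefik.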
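One way to check the diagnosis in the answer above, as an added example that is not part of the original question or answer: compare the theme names a realm export refers to with the theme directories actually present in the container. The sample realm JSON, the theme name `formward-theme` and the directory contents are constructed for illustration; the layout `/opt/jboss/keycloak/themes/<name>/` is assumed for the `jboss/keycloak` image.

```python
import json
import tempfile
from pathlib import Path

# Realm-level theme settings in a Keycloak realm export (RealmRepresentation).
THEME_FIELDS = ("loginTheme", "accountTheme", "adminTheme", "emailTheme")


def available_themes(themes_dir):
    """Theme names present on disk: each theme is a sub-directory."""
    return {p.name for p in Path(themes_dir).iterdir() if p.is_dir()}


def missing_themes(realm, themes_dir):
    """Return {field: theme} for themes the realm names but the disk lacks."""
    on_disk = available_themes(themes_dir)
    missing = {}
    for field in THEME_FIELDS:
        name = realm.get(field)  # unset or empty means "use the server default"
        if name and name not in on_disk:
            missing[field] = name
    return missing


def demo():
    # Constructed sample: realm settings as they would sit in the database.
    # "formward-theme" is a hypothetical custom theme name.
    realm = json.loads("""{
      "realm": "master",
      "loginTheme": "formward-theme",
      "accountTheme": "keycloak",
      "emailTheme": ""
    }""")
    # Constructed themes directory as a fresh container would have it
    # (assumed layout: /opt/jboss/keycloak/themes/<name>/).
    with tempfile.TemporaryDirectory() as themes_dir:
        for name in ("base", "keycloak"):
            (Path(themes_dir) / name).mkdir()
        return missing_themes(realm, themes_dir)


if __name__ == "__main__":
    print(demo())
```

A non-empty result means the database still names a theme that the recreated container no longer ships, which matches the state the answer describes.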