My Spring Cloud Gateway gets ResourceAccessException for Keycloak while using docker-compose
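I have a sample project that consists of a registry module that starts a Eureka server, a Spring Cloud Gateway, and Keycloak.
The problem: when I run Keycloak and the registry with docker-compose and the gateway as a normal application, everything works fine, i.e. when I want to see the Eureka dashboard I am redirected to Keycloak to authenticate and then redirected to the dashboard. But this is not the case when I run the gateway together with the others using docker-compose; it complains: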
Caused by: java.lang.IllegalArgumentException: Unable to resolve Configuration with the provided Issuer of "http://127.0.0.1:8090/auth/realms/dev"
Caused by: org.springframework.web.client.ResourceAccessException: I/O error on GET request for "http://127.0.0.1:8090/auth/realms/dev/.well-known/openid-configuration": Connection refused
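Although I can get the configuration by pasting the link into the browser.
I expect that this is a misconfiguration of my docker-compose; I would appreciate it if you could give me some ideas.
Gateway application.yml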
spring:
  application:
    name: gateway
  cloud:
    gateway:
      routes:
        - id: firstService
          uri: lb://first-microservice
          predicates:
            - Path=/first/**
          filters:
            - TokenRelay=
            - RemoveRequestHeader=Cookie
        - id: secondService
          uri: lb://second-microservice
          predicates:
            - Path=/second/**
          # filters:
          #   - StripPrefix=1
          filters:
            - TokenRelay=
            - RemoveRequestHeader=Cookie
        - id: registry
          uri: lb://registry
          predicates:
            - Path=/registry/**
          filters:
            - StripPrefix=1
        - id: eureka
          uri: lb://registry
          predicates:
            - Path=/eureka/**
  autoconfigure:
    # TODO: remove when fixed https://github.com/spring-projects/spring-security/issues/6314
    exclude: org.springframework.boot.actuate.autoconfigure.security.reactive.ReactiveManagementWebSecurityAutoConfiguration
  security:
    oauth2:
      client:
        registration:
          keycloak:
            client-id: backend
            client-secret: '2baa28ce-9607-44a3-a42c-a0bb2102a66d'
        provider:
          keycloak:
            issuer-uri: ${ISSUER_URI:http://127.0.0.1:8090/auth/realms/dev}
            user-name-attribute: preferred_username
server:
  port: 8079
info:
  app:
    name: ${spring.application.name}
eureka:
  client:
    registerWithEureka: true
    serviceUrl:
      defaultZone: ${EUREKA_SERVER:http://localhost:8761/eureka}
    healthcheck:
      enabled: true
docker-compose.yml
version: '3'
volumes:
  postgres_data:
    driver: local # is already local by default
  keycloak-data-volume:
    driver: local # is already local by default
    # external: true
services:
  postgres:
    image: postgres
    volumes:
      - postgres_data:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: keycloak
      POSTGRES_USER: keycloak
      POSTGRES_PASSWORD: password
    networks:
      - net
  keycloak:
    image: jboss/keycloak:11.0.0
    environment:
      DB_VENDOR: POSTGRES
      DB_ADDR: postgres
      DB_DATABASE: keycloak
      DB_USER: keycloak
      DB_SCHEMA: public
      DB_PASSWORD: password
      KEYCLOAK_USER: admin
      KEYCLOAK_PASSWORD: Pa55w0rd
    volumes:
      - keycloak-data-volume:/var/lib/keycloak/data
    command: ["-Djboss.socket.binding.port-offset=10"]
    expose:
      - 8090
    ports:
      - 8090:8090
    depends_on:
      - postgres
    networks:
      - net
  registry:
    image: sample-cloud-registry:latest
    container_name: registry
    expose:
      - 8761
    networks:
      - net
    environment:
      - EUREKA_SERVER=http://registry:8761/eureka/
  gateway:
    image: sample-cloud-gateway:latest
    container_name: gateway
    expose:
      - 8079
    ports:
      - 127.0.0.1:8080:8079
    networks:
      - net
    restart: always
    depends_on:
      - registry
      - keycloak
    environment:
      - ISSUER_URI=http://127.0.0.1:8090/auth/realms/dev
      - EUREKA_SERVER=http://registry:8761/eureka/
networks:
  net:
I managed to solve my problem; here are my changes:
Since I am using Eureka, I changed ISSUER_URI=http://127.0.0.1:8090/auth/realms/dev to use the hostname of the keycloak container, so the result is:
- ISSUER_URI=http://keycloak:8090/auth/realms/dev
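Note that the port number in the line above is the container port, not necessarily the host port.
Then you need to add keycloak to the known hosts under etc, so that the login page can be reached through the browser: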
127.0.0.1 keycloak
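
The failure and the fix above, reproduced offline as a preflight check on the issuer URI. This is an added example, not code from the original post; `check_issuer`, `is_loopback` and the `fetch_from_gateway_container` stub (a constructed stand-in for the network as seen from inside the gateway container, with a constructed discovery document) are hypothetical names.

```python
import ipaddress
from urllib.parse import urlsplit

def is_loopback(host):
    """True for localhost or a loopback IP; inside a container that is the container itself."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a DNS name, e.g. a compose service name

def check_issuer(issuer_uri, fetch):
    """Return findings for an OIDC issuer URI; an empty list means it passed.

    fetch(url) -> dict stands in for the HTTP GET of the discovery document.
    """
    findings = []
    host = urlsplit(issuer_uri).hostname or ""
    if is_loopback(host):
        findings.append(f"issuer host {host} is loopback: unreachable from another container")
    url = issuer_uri.rstrip("/") + "/.well-known/openid-configuration"
    try:
        meta = fetch(url)
    except OSError as exc:
        findings.append(f"discovery fetch failed: {exc}")
        return findings
    # OIDC Discovery: the advertised issuer must equal the configured one exactly.
    if meta.get("issuer") != issuer_uri:
        findings.append(f"issuer mismatch: document says {meta.get('issuer')!r}")
    # The browser is redirected to this endpoint, so its host must also
    # resolve on the user's machine (hence the hosts entry above).
    auth_host = urlsplit(meta.get("authorization_endpoint", "")).hostname
    if auth_host != host:
        findings.append(f"authorization_endpoint host {auth_host!r} differs from issuer host {host!r}")
    return findings

def fetch_from_gateway_container(url):
    """Constructed stub: loopback is refused, any other host answers as the realm."""
    parts = urlsplit(url)
    if is_loopback(parts.hostname or ""):
        raise ConnectionRefusedError("Connection refused")
    base = f"{parts.scheme}://{parts.netloc}/auth/realms/dev"
    return {"issuer": base, "authorization_endpoint": base + "/protocol/openid-connect/auth"}

if __name__ == "__main__":
    for uri in ("http://127.0.0.1:8090/auth/realms/dev", "http://keycloak:8090/auth/realms/dev"):
        print(uri, check_issuer(uri, fetch_from_gateway_container) or "OK")
```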