How to config spring cloud oauth2 in docker container
I ran into some problems using micro-spring-docker, and I think the sso token-url may be incorrect.
Demo: https://github.com/keryhu/micro-oauth2-docker
On my local computer, the sso service and auth-service work fine.
But not in the docker container:
the problem is that redirecting to the auth-server times out.
SSO (pc-gateway service) application.yml:
security:
  user:
    password: none
  oauth2:
    client:
      accessTokenUri: http://${AUTHSERVER_PORT_9999_TCP_ADDR:localhost}:9999/uaa/oauth/token
      userAuthorizationUri: http://${AUTHSERVER_PORT_9999_TCP_ADDR:localhost}:9999/uaa/oauth/authorize
docker-compose.yml
eureka:
  image: eureka:0.0.1-SNAPSHOT
  container_name: eureka
  hostname: eureka
  ports:
    - "8761:8761"
configserver:
  image: config-server:0.0.1-SNAPSHOT
  container_name: configserver
  hostname: configserver
  links:
    - eureka
  ports:
    - "8888:8888"
authserver:
  image: auth-server:0.0.1-SNAPSHOT
  container_name: authserver
  hostname: authserver
  links:
    - eureka
    - configserver
  ports:
    - "9999:9999"
pcgateway:
  image: pc-gateway:0.0.1-SNAPSHOT
  container_name: pcgateway
  hostname: pcgateway
  links:
    - eureka
    - configserver
    - authserver
  ports:
    - "8080:8080"
After starting in the docker containers,
http://192.168.99.100:8761/ shows:
Instances currently registered with Eureka
Application AMIs Availability Zones Status
AUTHSERVER n/a(1) (1) UP (1) - authserver:authserver:9999
CONFIGSERVER n/a(1) (1) UP (1) - configserver:configserver:8888
PCGATEWAY n/a(1) (1) UP (1) - pcgateway:pcgateway:8080
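But when I open the authorization page, http://192.168.99.100:8080,
it should redirect to the auth-server login page, but the request times out, and the address bar shows:
http://172.17.0.4:9999/uaa/oauth/authorize?client_id=clientapp&redirect_uri=http://192.168.99.100:8080/login&response_type=code&state=cdXhfg
I don't know why; maybe the sso tokenurl above is incorrect. How can I resolve this?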
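The 172.17.0.4 IP address is the IP address of the authserver container on the internal (container-to-container) network, which is not reachable from outside the docker host (virtual machine).
This can be tricky, because (in this case) you need to provide the IP address of the virtual machine that runs docker, which may change, and will definitely be different in production.
If you change ${AUTHSERVER_PORT_9999_TCP_ADDR:localhost} to 192.168.99.100, it should work.
I suggest making the IP address (or domain) configurable using an environment variable that you provide in your docker-compose.yml, for example:
${DOMAIN_NAME:192.168.99.100}
This defaults to the "standard" IP address of the virtual machine. In production, you can pass the actual domain name or IP address of the server the project runs on.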
Note that the "link" environment variables are marked deprecated, and only will
be used on the default (bridge) network. The new linking feature won't create
these variables, but you can simply link to other containers by name. See
https://docs.docker.com/engine/userguide/networking/work-with-networks/#linking-containers-in-user-defined-networks
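An added example (not from the question, the answer or the linked demo project) of the split the answer describes: the browser-facing userAuthorizationUri takes an externally reachable host from DOMAIN_NAME, while the server-to-server accessTokenUri uses the linked container name. The `environment` entry on pcgateway and the use of `authserver` as the token host are assumptions; all other keys are unchanged from the question.

```yaml
# --- pc-gateway application.yml (only the two URIs change) ---
security:
  oauth2:
    client:
      # Back channel: the gateway itself calls the token endpoint, so the
      # linked container name resolves and the request stays on the
      # container network.
      accessTokenUri: http://authserver:9999/uaa/oauth/token
      # Front channel: this URL is sent to the user's browser as a redirect,
      # so its host must be reachable from outside the docker host. A
      # container IP such as 172.17.0.4 is not.
      userAuthorizationUri: http://${DOMAIN_NAME:192.168.99.100}:9999/uaa/oauth/authorize
---
# --- docker-compose.yml (pcgateway service only) ---
pcgateway:
  image: pc-gateway:0.0.1-SNAPSHOT
  container_name: pcgateway
  hostname: pcgateway
  links:
    - eureka
    - configserver
    - authserver
  ports:
    - "8080:8080"
  environment:
    # Assumed variable name, taken from the answer's ${DOMAIN_NAME:...}
    # placeholder. Set it to the public host name or IP per environment.
    - DOMAIN_NAME=192.168.99.100
```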