当尝试使用Docker compose在生产模式下运行Keycloak时,会出现以下错误:
keycloak | 2023-10-30 15:13:12,276 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: Failed to start server in (production) mode
keycloak | 2023-10-30 15:13:12,276 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: /etc/x509/https/tls.key
字符串
我一直在关注这个guide。
我的 docker-compose.yaml:
services:
postgres:
container_name: postgres_keycloak
image: postgres:16
healthcheck:
test: [ "CMD", "pg_isready", "-q", "-d", "postgres", "-U", "root" ]
timeout: 45s
interval: 10s
retries: 10
volumes:
- postgres_data:/var/lib/postgresql/data
- ./sql:/docker-entrypoint-initdb.d/:ro # turn it on, if you need run init DB
environment:
POSTGRES_USER: kc
POSTGRES_PASSWORD: <pass>
POSTGRES_DB: keycloak
POSTGRES_HOST: postgres
networks:
- keycloak_network
keycloak:
container_name: keycloak
healthcheck:
test: [ "CMD", "curl", "--head","fsS", "http://localhost:8080/health/ready" ]
interval: 5s
timeout: 2s
retries: 15
build:
context: .
args:
KEYCLOAK_VERSION: 22.0.0
depends_on:
postgres:
condition: service_healthy
environment:
KEYCLOAK_ADMIN: admin
KEYCLOAK_ADMIN_PASSWORD: <pass>
KC_DB: postgres
KC_DB_URL: jdbc:postgresql://postgres/keycloak
KC_DB_USERNAME: kc
KC_DB_PASSWORD: <pass>
KC_HOSTNAME: <domain>
KC_HTTP_RELATIVE_PATH: /auth
KC_PROXY: passthrough
KC_HTTPS_CERTIFICATE_FILE: /etc/x509/https/tls.crt
KC_HTTPS_CERTIFICATE_KEY_FILE: /etc/x509/https/tls.key
ports:
- "9090:8080"
networks:
- keycloak_network
command:
- start --optimized
volumes:
- ./certs/fullchain.pem:/etc/x509/https/tls.crt
- ./certs/privkey.pem:/etc/x509/https/tls.key
volumes:
postgres_data:
networks:
keycloak_network:
driver: bridge
型
据我所知,这是一个文件权限问题或文件没有正确挂载。我该如何解决这个问题?
1条答案
按热度按时间qoefvg9y1#
我通过使用nginx作为反向代理并设置
KC_HOSTNAME_STRICT_HTTPS: false
. https://www.keycloak.org/server/reverseproxy来绕过这个问题