This article describes how to set up a Keycloak service using Docker and Traefik.

For more Traefik content, visit the home page.

About Keycloak

Add authentication to applications and secure services with minimum fuss. No need to deal with storing users or authenticating users. It’s all available out of the box.

You’ll even get advanced features such as User Federation, Identity Brokering and Social Login.

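Documentation

See the getting started guide

Open-source repository

Keycloak features

- Single sign-on
- Kerberos bridge
- Identity brokering and social login
- Client adapters
- Admin console
- Account management console
- Standard protocols
- Authorization services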


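Installation

1. Prepare the images

1.1 MySQL image: 8.0

docker pull mysql:8

Note: I started out with MySQL 5.6 and 5.7. I tested both versions and both produced errors. I googled it and could not find a fix, so in the end I switched to version 8.0.

If you are interested, you can keep working on the error messages (I gave up~).

[Screenshot: errors reported with MySQL 5.6 to 5.7]

1.2 Keycloak image: 15.0.2

docker pull jboss/keycloak:15.0.2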

2. docker-compose configuration for MySQL and Keycloak

2.1 The MySQL configuration is as follows

  keycloak-mysql:
    # image name
    image: mysql:8
    restart: always
    # persist the database
    volumes:
        - ./mysql:/var/lib/mysql
    # default settings
    environment:
        - MYSQL_ROOT_PASSWORD=root
        # used by Keycloak
        - MYSQL_DATABASE=keycloak
        - MYSQL_USER=keycloak
        - MYSQL_PASSWORD=123456

2.2 The Keycloak configuration is as follows

  keycloak:
    image: jboss/keycloak:15.0.2
    volumes:
        - /etc/timezone:/etc/timezone
        - /etc/localtime:/etc/localtime
    environment:
        # initial admin account and password
        - KEYCLOAK_USER=admin
        - KEYCLOAK_PASSWORD=admin
        # database
        - DB_VENDOR=mysql
        - DB_ADDR=keycloak-mysql
        - DB_PORT=3306
        - DB_DATABASE=keycloak
        - DB_USER=keycloak
        - DB_PASSWORD=123456

2.3 The combined docker-compose configuration is as follows

touch docker-compose.yml

version: "3.6"
services:
  # keycloak db
  keycloak-mysql:
    image: mysql:8
    restart: always
    volumes:
        - ./mysql:/var/lib/mysql
    environment:
        - MYSQL_ROOT_PASSWORD=root
        - MYSQL_DATABASE=keycloak
        - MYSQL_USER=keycloak
        - MYSQL_PASSWORD=123456
    networks:
        - traefik
    logging:
      driver: "json-file"
      options:
        max-size: "1m"

  # keycloak
  keycloak:
    image: jboss/keycloak:15.0.2
    volumes:
        - /etc/timezone:/etc/timezone
        - /etc/localtime:/etc/localtime
    environment:
        # initial admin account and password
        - KEYCLOAK_USER=admin
        - KEYCLOAK_PASSWORD=admin
        # DB
        - DB_VENDOR=mysql
        - DB_ADDR=keycloak-mysql
        - DB_PORT=3306
        - DB_DATABASE=keycloak
        - DB_USER=keycloak
        - DB_PASSWORD=123456
    depends_on:
        - keycloak-mysql
    labels:
        - "traefik.enable=true"
        - "traefik.docker.network=traefik"
        - "traefik.http.routers.halobug-sso.entrypoints=https"
        - "traefik.http.routers.halobug-sso.tls=true"
        - "traefik.http.routers.halobug-sso.rule=Host(`sso.halobug.cn`)"
        - "traefik.http.services.halobug-sso.loadbalancer.server.scheme=http"
        - "traefik.http.services.halobug-sso.loadbalancer.server.port=8080"
    logging:
      driver: "json-file"
      options:
        max-size: "1m"
    networks:
        - traefik

networks:
    traefik:
      external: true

2. Start the services

2.1 Start the containers and follow the logs

docker-compose up -d && docker-compose logs -f

This takes about 2 minutes; the first initialization is slow.


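2.2 Bind the hostname in the local hosts file (see the earlier article for the HTTPS configuration)

Traefik: configuring a CA certificate and redirecting HTTP to HTTPS

127.0.0.1 sso.halobug.cn

3. Access test and troubleshooting

3.1 Open https://sso.halobug.cn in a browser

If the page loads as in the screenshot below, the service started successfully!

[screenshot]

3.2 Enter the username and password

A blank page appears. Checking with the browser's developer tools shows that this is an HTTPS proxy problem, so I kept debugging.

Cause of the error: Keycloak requires every request to use SSL, but Traefik terminates TLS and forwards plain HTTP to port 8080 (see the labels above), so Keycloak treats the requests as non-SSL.

3.3 Add the following setting to the keycloak service's environment

- PROXY_ADDRESS_FORWARDING=true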

3.4 Complete configuration

version: "3.6"
services:
  # keycloak db
  keycloak-mysql:
    image: mysql:8
    restart: always
    volumes:
        - ./mysql:/var/lib/mysql
    environment:
        - MYSQL_ROOT_PASSWORD=root
        - MYSQL_DATABASE=keycloak
        - MYSQL_USER=keycloak
        - MYSQL_PASSWORD=123456
    networks:
        - traefik
    logging:
      driver: "json-file"
      options:
        max-size: "1m"

  # keycloak
  keycloak:
    image: jboss/keycloak:15.0.2
    ports:
        - 8080:8080
    volumes:
        - /etc/timezone:/etc/timezone
        - /etc/localtime:/etc/localtime
    environment:
        # initial admin account and password
        - KEYCLOAK_USER=admin
        - KEYCLOAK_PASSWORD=admin
        # DB
        - DB_VENDOR=mysql
        - DB_ADDR=keycloak-mysql
        - DB_PORT=3306
        - DB_DATABASE=keycloak
        - DB_USER=keycloak
        - DB_PASSWORD=123456
        # enable reverse-proxy support (honor the forwarding headers set by Traefik)
        - PROXY_ADDRESS_FORWARDING=true
    depends_on:
        - keycloak-mysql
    labels:
        - "traefik.enable=true"
        - "traefik.docker.network=traefik"
        - "traefik.http.routers.halobug-sso.entrypoints=https"
        - "traefik.http.routers.halobug-sso.tls=true"
        - "traefik.http.routers.halobug-sso.rule=Host(`sso.halobug.cn`)"
        - "traefik.http.services.halobug-sso.loadbalancer.server.scheme=http"
        - "traefik.http.services.halobug-sso.loadbalancer.server.port=8080"
    logging:
      driver: "json-file"
      options:
        max-size: "1m"
    networks:
        - traefik

networks:
    traefik:
      external: true
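
An added check, not part of the original post: it scans a compose file in the list-style layout used here for two things the complete configuration exhibits, passwords written as literals and a Traefik backend port that is also published on the host. With PROXY_ADDRESS_FORWARDING=true Keycloak takes the request scheme and client address from forwarding headers, so the backend should be reachable only through Traefik. The function names and finding labels are hypothetical, and the sample is constructed from the configuration on this page.

```python
# Constructed sample: the complete configuration above, trimmed to the relevant keys.
SAMPLE = """\
services:
  keycloak-mysql:
    environment:
        - MYSQL_ROOT_PASSWORD=root
  keycloak:
    ports:
        - 8080:8080
    environment:
        - KEYCLOAK_PASSWORD=admin
        - PROXY_ADDRESS_FORWARDING=true
    labels:
        - "traefik.http.services.halobug-sso.loadbalancer.server.port=8080"
"""

def parse_services(text):
    """Minimal reader for 2-space services with list-style sections; not a YAML parser."""
    services, top, svc, section = {}, None, None, None
    for raw in text.splitlines():
        body, indent = raw.strip(), len(raw) - len(raw.lstrip())
        if not body or body.startswith("#"):
            continue
        if indent == 0:
            top, svc = body.rstrip(":"), None
        elif top == "services" and indent == 2 and body.endswith(":"):
            svc, section = body[:-1], None
            services[svc] = {"environment": [], "ports": [], "labels": []}
        elif svc and indent == 4:
            section = body[:-1] if body.endswith(":") else None
        elif svc and body.startswith("- ") and section in services[svc]:
            services[svc][section].append(body[2:].strip().strip('"'))
    return services

def audit(text):
    """Return (service, finding, detail) tuples; finding names are hypothetical labels."""
    findings = []
    for name, svc in parse_services(text).items():
        env = dict(e.split("=", 1) for e in svc["environment"] if "=" in e)
        findings += [(name, "literal-credential", k) for k, v in env.items()
                     if k.endswith("PASSWORD") and not v.startswith("${")]
        backend = {l.split("=", 1)[1] for l in svc["labels"] if ".loadbalancer.server.port=" in l}
        direct = [p for p in svc["ports"] if p.split(":")[-1].split("/")[0] in backend]
        findings += [(name, "backend-port-published", p) for p in direct]
        if direct and env.get("PROXY_ADDRESS_FORWARDING") == "true":
            findings.append((name, "forwarded-headers-trusted-on-direct-port", direct[0]))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Removing the ports mapping and supplying the passwords through Compose ${VAR} substitution clears every finding.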

3.5 Restart

docker-compose down && docker-compose up -d && docker-compose logs -f

3.6 Refresh the browser and log in again: success!

If your English is not great, first find the setting to change the language (I am no exception).

The service is running normally.

That completes the installation. The next article will continue with how to use it.

For more content, visit https://www.zhihu.com/people/halobug/posts