时间戳

首页 > 解决方案 > docker 中 nginx 后面的 Keycloak 导致 404 和不定式重定向

docker - docker 中 nginx 后面的 Keycloak 导致 404 和不定式重定向

问题描述

我是 Keycloak 的新手,也不是 nginx 的专家。我已经关注了文档和其他问题,并使用 keycloak 设置了一个docker -compose 文件,受nginx保护。

这是我的docker-compose.yml,其中包含 和 的nginx配置keycloak

radarbase-keycloak:
    networks:
      - api
      - security
    environment:
      KEYCLOAK_USER : ${KEYCLOAK_USER}
      KEYCLOAK_PASSWORD: ${KEYCLOAK_PASSWORD}
      DB_VENDOR: postgres
      DB_ADDR: radarbase-postgresql
      DB_PORT: 5432
      DB_DATABASE: rbkeycloak
      DB_USER: ${POSTGRES_USER}
      DB_PASSWORD: ${POSTGRES_PASSWORD}
      PROXY_ADDRESS_FORWARDING: "true"
    depends_on:
      - radarbase-postgresql
    restart: always
radarbase-postgresql:
    image: postgres:${POSTGRES_VERSION}
    networks:
      - security
    volumes:
      - "${RB_POSTGRES_DIR}/data/:/var/lib/postgresql/data/"
    environment:
      POSTGRES_USER : ${POSTGRES_USER}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
      POSTGRES_DB: rbkeycloak
    healthcheck:
      test: ["CMD-SHELL", "PGPASSWORD='${POSTGRES_PASSWORD}' psql -U '${POSTGRES_USER}' rbkeycloak -l || exit 1"]
      interval: 1m30s
    timeout: 5s
webserver:
    image: nginx:1.13.1-alpine
    restart: always
    networks:
      - api
      - default
    depends_on:
      - radarbase-keycloak
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - certs:/etc/letsencrypt
      - certs-data:/data/letsencrypt
      - "./etc/webserver/nginx.conf:/etc/nginx/nginx.conf:ro"

nginx.conf的配置如下

worker_rlimit_nofile 8192;

events {
  worker_connections  4096;  ## Default: 1024
}

http {
  default_type application/octet-stream;
  log_format   main '$remote_addr - $remote_user [$time_local]  $status '
    '"$request" $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$http_x_forwarded_for"';
  tcp_nodelay  on;

  # hide nginx version
  server_tokens off;

  # add nosniff header (https://www.owasp.org/index.php/List_of_useful_HTTP_headers)
  add_header X-Content-Type-Options nosniff;

  # For logins, make 2 requests per second at most
  limit_req_zone $binary_remote_addr zone=login_limit:10m rate=2r/s;

  server {
    listen                    80 default_server;
    listen                    [::]:80 default_server;
    server_name               mydomain-dev.example.net;

    access_log                /var/log/nginx/access.log;
    error_log                 /var/log/nginx/error.log;

    location /auth/{
      proxy_pass http://radarbase-keycloak:8080/;

      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header Host $host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;

    }
  }
}

一切都在运行,但是,如果我尝试从https://mydomain-dev.example.net/auth/我得到的访问 keycloak 并且来自 docker**404**nginx 日志

webserver_1              | 143.168.122.1 - - [29/Nov/2018:16:15:46 +0000] "GET /auth/ HTTP/1.1" 200 1087 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0"
webserver_1              | 143.168.122.1 - - [29/Nov/2018:16:15:46 +0000] "GET /favicon.ico HTTP/1.1" 404 162 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0"

webserver_1              | 143.168.122.1 - - [29/Nov/2018:16:15:56 +0000] "GET /favicon.ico HTTP/1.1" 404 162 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0"
webserver_1              | 2018/11/29 16:15:57 [error] 8#8: *7 open() "/etc/nginx/html/favicon.ico" failed (2: No such file or directory), client: 143.168.122.1, server: mydomain-dev.example.net, request: "GET /favicon.ico HTTP/1.1", host: "mydomain-dev"
webserver_1              | 143.168.122.1 - - [29/Nov/2018:16:15:57 +0000] "GET /favicon.ico HTTP/1.1" 404 162 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0"
webserver_1              | 2018/11/29 16:15:57 [error] 8#8: *7 open() "/etc/nginx/html/favicon.ico" failed (2: No such file or directory), client: 143.168.122.1, server: mydomain-dev.example.net, request: "GET /favicon.ico HTTP/1.1", host: "mydomain-dev"
webserver_1              | 143.168.122.1 - - [29/Nov/2018:16:15:57 +0000] "GET /favicon.ico HTTP/1.1" 404 162 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0"
webserver_1              | 2018/11/29 16:15:58 [error] 8#8: *7 open() "/etc/nginx/html/favicon.ico" failed (2: No such file or directory), client: 143.168.122.1, server: mydomain-dev.example.net, request: "GET /favicon.ico HTTP/1.1", host: "mydomain-dev"
webserver_1              | 143.168.122.1 - - [29/Nov/2018:16:15:58 +0000] "GET /favicon.ico HTTP/1.1" 404 162 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0"
webserver_1              | 2018/11/29 16:15:59 [error] 8#8: *7 open() "/etc/nginx/html/favicon.ico" failed (2: No such file or directory), client: 143.168.122.1, server: mydomain-dev.example.net, request: "GET /favicon.ico HTTP/1.1", host: "mydomain-dev"
webserver_1              | 143.168.122.1 - - [29/Nov/2018:16:15:59 +0000] "GET /favicon.ico HTTP/1.1" 404 162 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0"
webserver_1              | 2018/11/29 16:15:59 [error] 8#8: *7 open() "/etc/nginx/html/favicon.ico" failed (2: No such file or directory), client: 143.168.122.1, server: mydomain-dev.example.net, request: "GET /favicon.ico HTTP/1.1", host: "mydomain-dev"
webserver_1              | 143.168.122.1 - - [29/Nov/2018:16:15:59 +0000] "GET /favicon.ico HTTP/1.1" 404 162 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0"
webserver_1              | 143.168.122.1 - - [29/Nov/2018:16:15:59 +0000] "GET /favicon.ico HTTP/1.1" 404 162 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0"
webserver_1              | 2018/11/29 16:15:59 [error] 8#8: *7 open() "/etc/nginx/html/favicon.ico" failed (2: No such file or directory), client: 143.168.122.1, server: mydomain-dev.example.net, request: "GET /favicon.ico HTTP/1.1", host: "mydomain-dev"
webserver_1              | 2018/11/29 16:16:00 [error] 8#8: *7 open() "/etc/nginx/html/favicon.ico" failed (2: No such file or directory), client: 143.168.122.1, server: mydomain-dev.example.net, request: "GET /favicon.ico HTTP/1.1", host: "mydomain-dev"
webserver_1              | 143.168.122.1 - - [29/Nov/2018:16:16:00 +0000] "GET /favicon.ico HTTP/1.1" 404 162 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0"
webserver_1              | 2018/11/29 16:16:01 [error] 8#8: *7 open() "/etc/nginx/html/favicon.ico" failed (2: No such file or directory), client: 143.168.122.1, server: mydomain-dev.example.net, request: "GET /favicon.ico HTTP/1.1", host: "mydomain-dev"
webserver_1              | 143.168.122.1 - - [29/Nov/2018:16:16:01 +0000] "GET /favicon.ico HTTP/1.1" 404 162 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0"
webserver_1              | 2018/11/29 16:16:01 [error] 8#8: *7 open() "/etc/nginx/html/favicon.ico" failed (2: No such file or directory), client: 143.168.122.1, server: mydomain-dev.example.net, request: "GET /favicon.ico HTTP/1.1", host: "mydomain-dev"
webserver_1              | 143.168.122.1 - - [29/Nov/2018:16:16:01 +0000] "GET /favicon.ico HTTP/1.1" 404 162 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0"
webserver_1              | 2018/11/29 16:16:02 [error] 8#8: *7 open() "/etc/nginx/html/favicon.ico" failed (2: No such file or directory), client: 143.168.122.1, server: mydomain-dev.example.net, request: "GET /favicon.ico HTTP/1.1", host: "mydomain-dev"
webserver_1              | 143.168.122.1 - - [29/Nov/2018:16:16:02 +0000] "GET /favicon.ico HTTP/1.1" 404 162 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0"
webserver_1              | 2018/11/29 16:16:02 [error] 8#8: *7 open() "/etc/nginx/html/favicon.ico" failed (2: No such file or directory), client: 143.168.122.1, server: mydomain-dev.example.net, request: "GET /favicon.ico HTTP/1.1", host: "mydomain-dev"
webserver_1              | 143.168.122.1 - - [29/Nov/2018:16:16:02 +0000] "GET /favicon.ico HTTP/1.1" 404 162 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0"

在我看来,它正在寻找 nginx 下的资源。我错过了什么?有人可以帮忙吗?

标签: dockernginxdocker-composereverse-proxykeycloak

解决方案

您仅代理/auth/,但 keycloak 页面正在尝试加载/favicon.ico(不是/auth/favicon.ico)。尝试/不在/auth/您的 nginx.conf 中代理:

location / {
...
}

更新:所以您想更新 Keycloak 的上下文路径(所有内容都将从该上下文路径提供,甚至是 favicon),恕我直言,不支持,请参阅 https://issues.jboss.org/browse/KEYCLOAK-2310

推荐阅读