如何解决docker中带有keycloak的openresty,将主机网址公开为发现
version: '3.5'
services:
my_Nginx:
environment:
OIDC_disCOVERY: 'http://[my-test-server-url]:8081/auth/realms/example/.well-kNown/openid-configuration'
...
keycloak-container:
...
它们都在测试服务器上运行。
当我尝试浏览该应用程序时,my_Nginx
应该重定向到keycloak-container
以获取OIDC令牌。
但是,Nginx报告无法解析主机网址:
accessing discovery url (http://[my-test-server-url]:8081/auth/realms/example/.well-kNown/openid-configuration) Failed: [my-test-server-url] Could not be resolved (3: Host not found)
如果我猛扑到Nginx容器,请在/etc/hosts
下添加测试服务器(这又一次,Nginx显然不使用),指向keycloak实例并卷曲[my-test-server]:8081,我得到了正确的答案:
[root@b68fd49a46fe /]# cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.21.0.8 b68fd49a46fe
#ip is that of the keycloak
172.21.0.19 my-test-server
[root@b68fd49a46fe /]# curl http://my-test-server:8081/auth/.../
{"issuer":"http://my-test-server:8081/auth/realms/example","authorization_endpoint":"http://my-test-server:8081/auth/realms/example/protocol/openid-connect/auth","token_endpoint":"http://my-test-server:8081/auth/realms/example/protocol/openid-connect/token","introspection_endpoint":"http://my-test-server:8081/auth/realms/example/protocol/openid-connect/token/introspect","userinfo_endpoint":"http://my-test-server:8081/auth/realms/example/protocol/openid-connect/userinfo","end_session_endpoint":"http://my-test-server:8081/auth/realms/example/protocol/openid-connect/logout","jwks_uri":"http://my-test-server:8081/auth/realms/example/protocol/openid-connect/certs","check_session_iframe":"http://my-test-server:8081/auth/realms/example/protocol/openid-connect/login-status-iframe.html","grant_types_supported":["authorization_code","implicit","refresh_token","password","client_credentials"],"response_types_supported":["code","none","id_token","token","id_token token","code id_token","code token","code id_token token"],"subject_types_supported":["public","pairwise"],"id_token_signing_alg_values_supported":["ps384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512"],"id_token_encryption_alg_values_supported":["RSA-OAEP","RSA1_5"],"id_token_encryption_enc_values_supported":["A256GCM","A192GCM","A128GCM","A128CBC-HS256","A192CBC-HS384","A256CBC-HS512"],"userinfo_signing_alg_values_supported":["ps384","RS512","none"],"request_object_signing_alg_values_supported":["ps384","response_modes_supported":["query","fragment","form_post"],"registration_endpoint":"http://my-test-server:8081/auth/realms/example/clients-registrations/openid-connect","token_endpoint_auth_methods_supported":["private_key_jwt","client_secret_basic","client_secret_post","tls_client_auth","client_secret_jwt"],"token_endpoint_auth_signing_alg_values_supported":["ps384","claims_supported":["aud","sub","iss","auth_time","name","given_name","family_name","preferred_username","email","acr"],"claim_types_supported":["normal"],"claims_parameter_supported":false,"scopes_supported":["openid","address","microprofile-jwt","offline_access","phone","profile","roles","web-origins"],"request_parameter_supported":true,"request_uri_parameter_supported":true,"code_challenge_methods_supported":["plain","S256"],"tls_client_certificate_bound_access_tokens":true}
现在有什么方法可以在Nginx配置中使它起作用吗?我在Nginx(FROM openresty/openresty:1.15.8.2-6-centos
)中使用openresty
我花了大部分时间试图更改容器宿主文件中的内容,但是它们显然不在Nginx范围内使用,因为这是从解析器自己的conf中读取的。我已确保将其设置为127.0.0.11
,这应该是正确的。
我可以通过某种方式使proxy_pass或类似的东西解决此问题吗?
解决方法
如果您的服务器上安装了systemd,则可以使用它附带的名称服务器,系统名称为systemd-resolved,以便从/ etc / hosts文件中解析主机名。
您只需要将其添加到您的nginx配置http,服务器或位置块中:
解析器127.0.0.53;
使用systemctl status systemd-resolved.service查看它是否在您的服务器上运行。
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。