从后端容器连接到 keycloak 容器时连接被拒绝

Posted 2023-02-27

【中文标题】从后端容器连接到 keycloak 容器时连接被拒绝

【英文标题】：Connection refused when connecting to keycloak container from backend container

【发布时间】：2021-02-25 13:30:31

【问题描述】：

我有两个容器后端（弹簧启动应用程序）和 Keycloak。如果我在容器中运行 keycloak 并在本地运行：它可以工作

如果它们都在容器中运行，则后端不会启动并显示以下错误：

Failed to instantiate [org.springframework.security.oauth2.jwt.JwtDecoder]: Factory method 'jwtDecoderByIssuerUri' threw exception; nested exception is java.lang.IllegalArgumentException: Unable to resolve the Configuration with the provided Issuer of "http://keycloak:8082/auth/realms/myrealm"

Caused by: org.springframework.web.client.ResourceAccessException: I/O error on GET request for "http://keycloak:8082/auth/realms/myrealm/.well-known/openid-configuration": Connection refused (Connection refused); 

以下是我的配置：

码头工人撰写：

services:

  keycloak:
    image: jboss/keycloak:8.0.1
    command:
      - " -b 0.0.0.0"
    container_name: "keycloak"
    networks:
      - myproject
    volumes:
      - "./keycloak/realm-export.json:/opt/jboss/keycloak/bin/keycloak_export_dir/realm-export.json"
    environment:
      KEYCLOAK_USER: admin
      KEYCLOAK_PASSWORD: admin
      KEYCLOAK_IMPORT: /opt/jboss/keycloak/bin/keycloak_export_dir/realm-export.json
    ports:
      - "8082:8080"

  backend:
    build:
      context: ./backend
      dockerfile: Dockerfile
    container_name: "backend"
    environment:
      - spring.oauth2.resourceserver.jwt.issuer-uri= http://keycloak:8082/auth/realms/myrealm
    links:
      - keycloak
    networks:
      - myproject
    restart: on-failure
    ports:
      - "8080:8080"

networks:
  myproject:
    driver: bridge

application.yml:

  application:
    name: backend
  security:
    oauth2:
      resourceserver:
        jwt:
          issuer-uri: http://localhost:8082/auth/realms/myrealm

你知道为什么我会被拒绝连接吗？ 任何帮助表示赞赏:)

【参考方案1】：

您的 Keycloak 容器使用以下端口配置

ports:
  - "8082:8080"

意思是：

Keycloak 可通过端口8082 从外部访问。

但是在内部（在这个 docker 网络中），keycloak 只能通过暴露的8080 端口访问。所以你的后端应用程序需要（内部）连接到http://keycloak:8080