Keycloak behind nginx in docker results in 404 and infinitive redirects

Posted: 2019-05-01 18:23:18

Question: I am new to Keycloak and not an expert on nginx either. I followed the documentation and other questions and set up a docker-compose file with Keycloak, secured by nginx.
Here is my docker-compose.yml, which contains the configuration for nginx and keycloak.
```yaml
radarbase-keycloak:
  networks:
    - api
    - security
  environment:
    KEYCLOAK_USER: $KEYCLOAK_USER
    KEYCLOAK_PASSWORD: $KEYCLOAK_PASSWORD
    DB_VENDOR: postgres
    DB_ADDR: radarbase-postgresql
    DB_PORT: 5432
    DB_DATABASE: rbkeycloak
    DB_USER: $POSTGRES_USER
    DB_PASSWORD: $POSTGRES_PASSWORD
    PROXY_ADDRESS_FORWARDING: "true"
  depends_on:
    - radarbase-postgresql
  restart: always

radarbase-postgresql:
  image: postgres:$POSTGRES_VERSION
  networks:
    - security
  volumes:
    - "$RB_POSTGRES_DIR/data/:/var/lib/postgresql/data/"
  environment:
    POSTGRES_USER: $POSTGRES_USER
    POSTGRES_PASSWORD: $POSTGRES_PASSWORD
    POSTGRES_DB: rbkeycloak
  healthcheck:
    test: ["CMD-SHELL", "PGPASSWORD='$POSTGRES_PASSWORD' psql -U '$POSTGRES_USER' rbkeycloak -l || exit 1"]
    interval: 1m30s
    timeout: 5s

webserver:
  image: nginx:1.13.1-alpine
  restart: always
  networks:
    - api
    - default
  depends_on:
    - radarbase-keycloak
  ports:
    - "80:80"
    - "443:443"
  volumes:
    - certs:/etc/letsencrypt
    - certs-data:/data/letsencrypt
    - "./etc/webserver/nginx.conf:/etc/nginx/nginx.conf:ro"
```
And my nginx.conf is configured as follows:
```nginx
worker_rlimit_nofile 8192;

events {
  worker_connections 4096; ## Default: 1024
}

http {
  default_type application/octet-stream;
  log_format main '$remote_addr - $remote_user [$time_local] $status '
                  '"$request" $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"';
  tcp_nodelay on;

  # hide nginx version
  server_tokens off;

  # add nosniff header (https://www.owasp.org/index.php/List_of_useful_HTTP_headers)
  add_header X-Content-Type-Options nosniff;

  # For logins, make 2 requests per second at most
  limit_req_zone $binary_remote_addr zone=login_limit:10m rate=2r/s;

  server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name mydomain-dev.example.net;

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    location /auth/ {
      proxy_pass http://radarbase-keycloak:8080/;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header Host $host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
    }
  }
}
```
Everything is running. However, if I try to access Keycloak from https://mydomain-dev.example.net/auth/, I get a **404**, and the nginx logs from docker say:
```
webserver_1 | 143.168.122.1 - - [29/Nov/2018:16:15:46 +0000] "GET /auth/ HTTP/1.1" 200 1087 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0"
webserver_1 | 143.168.122.1 - - [29/Nov/2018:16:15:46 +0000] "GET /favicon.ico HTTP/1.1" 404 162 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0"
webserver_1 | 143.168.122.1 - - [29/Nov/2018:16:15:56 +0000] "GET /favicon.ico HTTP/1.1" 404 162 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0"
webserver_1 | 2018/11/29 16:15:57 [error] 8#8: *7 open() "/etc/nginx/html/favicon.ico" failed (2: No such file or directory), client: 143.168.122.1, server: mydomain-dev.example.net, request: "GET /favicon.ico HTTP/1.1", host: "mydomain-dev"
webserver_1 | 143.168.122.1 - - [29/Nov/2018:16:15:57 +0000] "GET /favicon.ico HTTP/1.1" 404 162 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0"
webserver_1 | 2018/11/29 16:15:57 [error] 8#8: *7 open() "/etc/nginx/html/favicon.ico" failed (2: No such file or directory), client: 143.168.122.1, server: mydomain-dev.example.net, request: "GET /favicon.ico HTTP/1.1", host: "mydomain-dev"
webserver_1 | 143.168.122.1 - - [29/Nov/2018:16:15:57 +0000] "GET /favicon.ico HTTP/1.1" 404 162 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0"
webserver_1 | 2018/11/29 16:15:58 [error] 8#8: *7 open() "/etc/nginx/html/favicon.ico" failed (2: No such file or directory), client: 143.168.122.1, server: mydomain-dev.example.net, request: "GET /favicon.ico HTTP/1.1", host: "mydomain-dev"
webserver_1 | 143.168.122.1 - - [29/Nov/2018:16:15:58 +0000] "GET /favicon.ico HTTP/1.1" 404 162 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0"
webserver_1 | 2018/11/29 16:15:59 [error] 8#8: *7 open() "/etc/nginx/html/favicon.ico" failed (2: No such file or directory), client: 143.168.122.1, server: mydomain-dev.example.net, request: "GET /favicon.ico HTTP/1.1", host: "mydomain-dev"
webserver_1 | 143.168.122.1 - - [29/Nov/2018:16:15:59 +0000] "GET /favicon.ico HTTP/1.1" 404 162 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0"
webserver_1 | 2018/11/29 16:15:59 [error] 8#8: *7 open() "/etc/nginx/html/favicon.ico" failed (2: No such file or directory), client: 143.168.122.1, server: mydomain-dev.example.net, request: "GET /favicon.ico HTTP/1.1", host: "mydomain-dev"
webserver_1 | 143.168.122.1 - - [29/Nov/2018:16:15:59 +0000] "GET /favicon.ico HTTP/1.1" 404 162 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0"
webserver_1 | 143.168.122.1 - - [29/Nov/2018:16:15:59 +0000] "GET /favicon.ico HTTP/1.1" 404 162 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0"
webserver_1 | 2018/11/29 16:15:59 [error] 8#8: *7 open() "/etc/nginx/html/favicon.ico" failed (2: No such file or directory), client: 143.168.122.1, server: mydomain-dev.example.net, request: "GET /favicon.ico HTTP/1.1", host: "mydomain-dev"
webserver_1 | 2018/11/29 16:16:00 [error] 8#8: *7 open() "/etc/nginx/html/favicon.ico" failed (2: No such file or directory), client: 143.168.122.1, server: mydomain-dev.example.net, request: "GET /favicon.ico HTTP/1.1", host: "mydomain-dev"
webserver_1 | 143.168.122.1 - - [29/Nov/2018:16:16:00 +0000] "GET /favicon.ico HTTP/1.1" 404 162 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0"
webserver_1 | 2018/11/29 16:16:01 [error] 8#8: *7 open() "/etc/nginx/html/favicon.ico" failed (2: No such file or directory), client: 143.168.122.1, server: mydomain-dev.example.net, request: "GET /favicon.ico HTTP/1.1", host: "mydomain-dev"
webserver_1 | 143.168.122.1 - - [29/Nov/2018:16:16:01 +0000] "GET /favicon.ico HTTP/1.1" 404 162 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0"
webserver_1 | 2018/11/29 16:16:01 [error] 8#8: *7 open() "/etc/nginx/html/favicon.ico" failed (2: No such file or directory), client: 143.168.122.1, server: mydomain-dev.example.net, request: "GET /favicon.ico HTTP/1.1", host: "mydomain-dev"
webserver_1 | 143.168.122.1 - - [29/Nov/2018:16:16:01 +0000] "GET /favicon.ico HTTP/1.1" 404 162 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0"
webserver_1 | 2018/11/29 16:16:02 [error] 8#8: *7 open() "/etc/nginx/html/favicon.ico" failed (2: No such file or directory), client: 143.168.122.1, server: mydomain-dev.example.net, request: "GET /favicon.ico HTTP/1.1", host: "mydomain-dev"
webserver_1 | 143.168.122.1 - - [29/Nov/2018:16:16:02 +0000] "GET /favicon.ico HTTP/1.1" 404 162 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0"
webserver_1 | 2018/11/29 16:16:02 [error] 8#8: *7 open() "/etc/nginx/html/favicon.ico" failed (2: No such file or directory), client: 143.168.122.1, server: mydomain-dev.example.net, request: "GET /favicon.ico HTTP/1.1", host: "mydomain-dev"
webserver_1 | 143.168.122.1 - - [29/Nov/2018:16:16:02 +0000] "GET /favicon.ico HTTP/1.1" 404 162 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0"
```
It looks to me like it is looking for the resources under nginx. What am I missing? Can someone help?
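Answer 1:

You are only proxying /auth/, but the Keycloak page is trying to load /favicon.ico (not /auth/favicon.ico). Try proxying / instead of /auth/ in your nginx.conf:

```nginx
location / {
    ...
}
```

Update: So you want to update Keycloak's context path (everything will be served from that context path, even the favicon). IMHO that is not supported, see https://issues.jboss.org/browse/KEYCLOAK-2310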
Comments:

- Thanks for the reply, @Jan Garaj. In that case, can I tell Keycloak to load /auth/favicon.ico instead of /favicon.ico? I basically want to have other services running on different paths, and run Keycloak on the /auth/ path.
- Added: info about the context path.
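Added example (not part of the original question or answer): when `proxy_pass` carries a URI part, nginx replaces the matched location prefix with it, so the posted `location /auth/` with `proxy_pass http://radarbase-keycloak:8080/;` forwards requests with `/auth/` stripped. The variant below keeps the prefix; it assumes Keycloak serves under an `/auth` context path inside the container, and the second location with its upstream name is hypothetical.

```nginx
# Added example; goes inside the server { } block of the posted nginx.conf.
# Assumption: Keycloak on radarbase-keycloak:8080 serves under /auth.

# As posted, the trailing "/" on proxy_pass replaces the matched "/auth/":
#   GET /auth/realms/demo  ->  upstream GET /realms/demo
#
#   location /auth/ {
#       proxy_pass http://radarbase-keycloak:8080/;
#   }

# Prefix preserved:
#   GET /auth/realms/demo  ->  upstream GET /auth/realms/demo
location /auth/ {
    proxy_pass http://radarbase-keycloak:8080/auth/;

    # With PROXY_ADDRESS_FORWARDING: "true" Keycloak trusts these headers,
    # so nginx sets them on every request and the Keycloak container
    # stays unpublished (no "ports:" entry), as in the posted compose file.
    proxy_set_header Host              $host;
    proxy_set_header X-Real-IP         $remote_addr;
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}

# Other services keep their own path prefixes (hypothetical upstream name).
location /api/ {
    proxy_pass http://some-other-service:8080/;
}
```

Requests outside the proxied prefixes, such as the `/favicon.ico` lookups in the log above, are still answered from nginx's own document root.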