Keycloak 无法连接到 Postgres:“需要 SSL 连接”
[英]Keycloak can't connect to Postgres: "SSL connection is required"
问题描述
I'm setting up KeyCloak on my Azure-Kube.netes-Cluster.
我正在我的 Azure-Kube.netes-Cluster 上设置 KeyCloak。 KeyCloak is supposed to connect to my Azure-Postgres Database. KeyCloak 应该连接到我的 Azure-Postgres 数据库。 It Fails with: "FATAL: SSL connection is required. Please specify SSL options and retry."它失败了:“致命:需要 SSL 连接。请指定 SSL 选项并重试。”
Without Postgres (deleting all DB-Attributes) Keycloak works fine (using default h2), including the ingress.没有 Postgres(删除所有 DB-Attributes)Keycloak 工作正常(使用默认 h2),包括入口。 Couldn't find any other information on how to configure it correct.找不到有关如何正确配置它的任何其他信息。
apiVersion: apps/v1
kind: Deployment
metadata:
name: keycloak-deployment
labels:
app: keycloak
spec:
replicas: 1
selector:
matchLabels:
app: keycloak
template:
metadata:
labels:
app: keycloak
spec:
restartPolicy: Always
containers:
- name: keycloak
image: jboss/keycloak
imagePullPolicy: IfNotPresent
env:
- name: PROXY_ADDRESS_FORWARDING
value: "true"
- name: KEYCLOAK_USER
value: "admin"
- name: KEYCLOAK_PASSWORD
value: "password"
- name: JDBC_PARAMS
value: "true"
- name: DB_VENDOR
value: "postgres"
- name: DB_DATABASE
value: "keycloak"
- name: DB_ADDR
value: "adress"
- name: DB_PORT
value: "5432"
- name: DB_USER
value: "keycloak@db"
- name: DB_PASSWORD
value: "password"
- name: JDBC_PARAMS
value: "ssl=true"
---
apiVersion: v1
kind: Service
metadata:
name: keycloak
spec:
ports:
- name: https
protocol: TCP
port: 443
targetPort: 8080
selector:
app: keycloak
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: keycloak
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/rewrite-target: /$1
spec:
tls:
- hosts:
- host.de
secretName: secret-name
rules:
- host: host.de
http:
paths:
- path: /
backend:
serviceName: keycloak
servicePort: 8080
I expect keycloak to connect to the Postgres-DB.我希望 keycloak 连接到 Postgres-DB。
5 个解决方案
解决方案1
0 2019-04-18 09:47:00
I'm setting up KeyCloak on my Azure-Kubernetes-Cluster.我正在Azure-Kubernetes-Cluster上设置KeyCloak。 KeyCloak is supposed to connect to my Azure-Postgres Database. KeyCloak应该连接到我的Azure-Postgres数据库。 It Fails with: "FATAL: SSL connection is required. Please specify SSL options and retry."失败:“致命:需要SSL连接。请指定SSL选项,然后重试。”
Without Postgres (deleting all DB-Attributes) Keycloak works fine (using default h2) , including the ingress.如果没有Postgres(删除所有数据库属性),Keycloak可以正常工作(使用默认h2),包括入口。 Couldn't find any other information on how to configure it correct.找不到有关如何正确配置它的任何其他信息。
apiVersion: apps/v1
kind: Deployment
metadata:
name: keycloak-deployment
labels:
app: keycloak
spec:
replicas: 1
selector:
matchLabels:
app: keycloak
template:
metadata:
labels:
app: keycloak
spec:
restartPolicy: Always
containers:
- name: keycloak
image: jboss/keycloak
imagePullPolicy: IfNotPresent
env:
- name: PROXY_ADDRESS_FORWARDING
value: "true"
- name: KEYCLOAK_USER
value: "admin"
- name: KEYCLOAK_PASSWORD
value: "password"
- name: JDBC_PARAMS
value: "true"
- name: DB_VENDOR
value: "postgres"
- name: DB_DATABASE
value: "keycloak"
- name: DB_ADDR
value: "adress"
- name: DB_PORT
value: "5432"
- name: DB_USER
value: "keycloak@db"
- name: DB_PASSWORD
value: "password"
- name: JDBC_PARAMS
value: "ssl=true"
---
apiVersion: v1
kind: Service
metadata:
name: keycloak
spec:
ports:
- name: https
protocol: TCP
port: 443
targetPort: 8080
selector:
app: keycloak
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: keycloak
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/rewrite-target: /$1
spec:
tls:
- hosts:
- host.de
secretName: secret-name
rules:
- host: host.de
http:
paths:
- path: /
backend:
serviceName: keycloak
servicePort: 8080
I expect keycloak to connect to the Postgres-DB.我希望keycloak可以连接到Postgres-DB。
解决方案2
0 2019-10-30 12:23:45
I'm setting up KeyCloak on my Azure-Kubernetes-Cluster.我正在Azure-Kubernetes-Cluster上设置KeyCloak。 KeyCloak is supposed to connect to my Azure-Postgres Database. KeyCloak应该连接到我的Azure-Postgres数据库。 It Fails with: "FATAL: SSL connection is required. Please specify SSL options and retry."失败:“致命:需要SSL连接。请指定SSL选项,然后重试。”
Without Postgres (deleting all DB-Attributes) Keycloak works fine (using default h2) , including the ingress.如果没有Postgres(删除所有数据库属性),Keycloak可以正常工作(使用默认h2),包括入口。 Couldn't find any other information on how to configure it correct.找不到有关如何正确配置它的任何其他信息。
apiVersion: apps/v1
kind: Deployment
metadata:
name: keycloak-deployment
labels:
app: keycloak
spec:
replicas: 1
selector:
matchLabels:
app: keycloak
template:
metadata:
labels:
app: keycloak
spec:
restartPolicy: Always
containers:
- name: keycloak
image: jboss/keycloak
imagePullPolicy: IfNotPresent
env:
- name: PROXY_ADDRESS_FORWARDING
value: "true"
- name: KEYCLOAK_USER
value: "admin"
- name: KEYCLOAK_PASSWORD
value: "password"
- name: JDBC_PARAMS
value: "true"
- name: DB_VENDOR
value: "postgres"
- name: DB_DATABASE
value: "keycloak"
- name: DB_ADDR
value: "adress"
- name: DB_PORT
value: "5432"
- name: DB_USER
value: "keycloak@db"
- name: DB_PASSWORD
value: "password"
- name: JDBC_PARAMS
value: "ssl=true"
---
apiVersion: v1
kind: Service
metadata:
name: keycloak
spec:
ports:
- name: https
protocol: TCP
port: 443
targetPort: 8080
selector:
app: keycloak
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: keycloak
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/rewrite-target: /$1
spec:
tls:
- hosts:
- host.de
secretName: secret-name
rules:
- host: host.de
http:
paths:
- path: /
backend:
serviceName: keycloak
servicePort: 8080
I expect keycloak to connect to the Postgres-DB.我希望keycloak可以连接到Postgres-DB。
解决方案3
0 2021-12-14 11:38:24
I stumbled upon this question when I had the exact same problem.当我遇到完全相同的问题时,我偶然发现了这个问题。 I'm using keycloak but connection to a Digital Ocean postgres database over ssl.我正在使用 keycloak,但通过 ssl 连接到 Digital Ocean postgres 数据库。
You can specify the environment variables to be used by JDBC.您可以指定 JDBC 使用的环境变量。 I had to requre ssl and specify my certificate.我必须要求 ssl 并指定我的证书。 This was done with the following environment variable:这是通过以下环境变量完成的:
JDBC_PARAMS=sslmode=require&sslcert=ca-certificate.crt
I mounted the ca-certificate.crt file in (default folder)我在(默认文件夹)中安装了 ca-certificate.crt 文件
/root/.postgresql/ca-certificate.crt
Read more about other possible configuration here:https://jdbc.postgresql.org/documentation/head/connect.html#ssl在此处阅读有关其他可能配置的更多信息:https ://jdbc.postgresql.org/documentation/head/connect.html#ssl
解决方案4
0 2022-01-21 09:26:41
Adding to @DNRN's answer, you need to allow keycloak access to the postgres cert(s).添加到@DNRN的答案中,您需要允许 keycloak 访问 postgres 证书。 A volume mount on the docker container will be owned by root, so you need to change the ownership to jboss.root for whichever folder you mount if you use the jboss/keycloak image. docker 容器上的卷挂载将归 root 所有,因此如果使用jboss/keycloak映像,则需要将挂载的文件夹的所有权更改为jboss.root 。 For example:例如:
chown -R jboss.root /root/.pg_certs/
Note: You need to run the command above as root .注意:您需要以root身份运行上述命令。
解决方案5
0 2023-01-24 13:47:34
Try尝试
name: "JDBC_PARAMS"
value: "sslmode=require"
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.