docker 容器之间的通信(keycloak 和 spring)
[英]communication between docker containers (keycloak and spring)
问题描述
So I have created a java spring boot application which uses Keycloak for authenticating its users.
所以我创建了一个 java spring boot 应用程序,它使用 Keycloak 来验证其用户。 When I run keycloak from docker-compose I can sucesfully authenticate when running my application as a standalone jar file or when debugging.当我从 docker-compose 运行 keycloak 时,当我的应用程序作为独立的 jar 文件运行或调试时,我可以成功地进行身份验证。 But when I put my spring boot application as a docker containers inside docker-compose.但是当我将 Spring Boot 应用程序作为 docker 容器放入 docker-compose.yml 时。 I cannot authenticate users anymore.我无法再对用户进行身份验证。
my error log from spring boot docker container:我来自 spring boot docker 容器的错误日志:
springBootApp | 2019-12-19 13:16:41.498 ERROR 1 --- [nio-8081-exec-2] o.k.a.rotation.JWKPublicKeyLocator : Error when sending request to retrieve realm keys
springBootApp |
springBootApp | org.keycloak.adapters.HttpClientAdapterException: IO error
I though that the problem is with network.我认为问题出在网络上。 but all containers are running in the same virtual network.但是所有容器都在同一个虚拟网络中运行。 They are also also in same docker-compose file.它们也在同一个 docker-compose 文件中。
this is my keycloak part:这是我的钥匙斗篷部分:
keycloak:
image: jboss/keycloak
ports:
- 18080:8080
volumes:
- ../keycloak:/opt/jboss/keycloak/imports
command:
- "-b 0.0.0.0 -Dkeycloak.import=/opt/jboss/keycloak/imports/realm-export.json"
environment:
- KEYCLOAK_USER=admin
- KEYCLOAK_PASSWORD=admin
my spring boot app我的春季启动应用程序
mySpringBootApp:
image: mySpringBootApp:master-1
environment:
- SPRING_PROFILES_ACTIVE=developmentTest
depends_on:
- jaeger
- keycloak
- db
ports:
- "8081:8081"
When I try to use curl localhost:18080 from my host.当我尝试从我的主机使用curl localhost:18080 。 I get the response.我得到了回应。 when I try to use curl from springBootApp docker I get connection refused.当我尝试使用 springBootApp docker 中的 curl 时,连接被拒绝。 So I assume that even though they are in the same network they don't see each other.所以我假设即使他们在同一个网络中,他们也看不到对方。
2 个解决方案
解决方案1
3 2019-12-19 13:30:39
You have to keep in mind that your docker container is isolated from the host it is running on.您必须记住,您的 docker 容器与其运行的主机是隔离的。 localhost for your computer is different then localhost from inside the docker container.您计算机的 localhost 与 docker 容器内的 localhost 不同。
You are using docker-compose and both services are in the same docker-compose.yaml configuration this means you can use the service name of a service to reach it from within another service that is in the same docker-compose file.您正在使用 docker-compose 并且两个服务都在相同的 docker-compose.yaml 配置中,这意味着您可以使用服务的服务名称从同一 docker-compose 文件中的另一个服务中访问它。
In your case the service you want to access is called keycloak and you have mapped its ports as 18080:8080 meaning that from your computer localhost 18080 accesses the port 8080 of this particular container.在您的情况下,您要访问的服务称为 keycloak,您已将其端口映射为 18080:8080,这意味着从您的计算机 localhost 18080 访问此特定容器的端口 8080。
In order to access this container (or service in a docker-compose context) you need to replace localhost by the name of your service.为了访问此容器(或 docker-compose 上下文中的服务),您需要将 localhost 替换为您的服务名称。
In your case to curl the keycloak container from mySprngBootApp container you need to replace lcalhost by the name of the service so long story short: curl keycloak:18080在您从 mySprngBootApp 容器卷曲 keycloak 容器的情况下,您需要将 lcalhost 替换为服务名称,长话短说:curl keycloak:18080
解决方案2
0 2019-12-19 14:16:16
I would define network for your services in docker compose, like:我会在 docker compose 中为您的服务定义网络,例如:
services:
app:
image: some-image
networks:
- my-network-name
networks:
my-network-name:
name: my-global-net
And you can be sure, that services are in the same network and speak via service's name with each other.而且您可以确定,这些服务在同一个网络中并且通过服务的名称相互交谈。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.