Communication between JHipster Registry and Keycloak from different containers

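I am trying to implement a simple microservice infrastructure with JHipster. When I created the microservice and the gateway, I chose OAuth2 for security. The projects were created. I started Keycloak with the following keycloak.yml. It seems to have started successfully. The realm, clients and users were created.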

docker-compose -f src/main/docker/keycloak.yml up

# This configuration is intended for development purpose, it's **your** responsibility to harden it for production
version: '3.8'
services:
  keycloak:
    image: jboss/keycloak:16.1.0
    command:
      [
        '-b',
        '0.0.0.0',
        '-Dkeycloak.migration.action=import',
        '-Dkeycloak.migration.provider=dir',
        '-Dkeycloak.migration.dir=/opt/jboss/keycloak/realm-config',
        '-Dkeycloak.migration.strategy=OVERWRITE_EXISTING',
        '-Djboss.socket.binding.port-offset=1000',
        '-Dkeycloak.profile.feature.upload_scripts=enabled',
      ]
    volumes:
      - ./realm-config:/opt/jboss/keycloak/realm-config
    environment:
      - KEYCLOAK_USER=admin
      - KEYCLOAK_PASSWORD=admin
      - DB_VENDOR=h2
    # If you want to expose these ports outside your dev PC,
    # remove the "127.0.0.1:" prefix
    ports:
      - 127.0.0.1:9080:9080
      - 127.0.0.1:9443:9443
      - 127.0.0.1:10990:10990

Then I tried to run the JHipster Registry with the following command.

docker-compose -f src/main/docker/jhipster-registry.yml up

jhipster-registry.yml

# This configuration is intended for development purpose, it's **your** responsibility to harden it for production
version: '3.8'
services:
  jhipster-registry:
    image: jhipster/jhipster-registry:v7.3.0
    volumes:
      - ./central-server-config:/central-config
    # When run with the "dev" Spring profile, the JHipster Registry will
    # read the config from the local filesystem (central-server-config directory)
    # When run with the "prod" Spring profile, it will read the configuration from a Git repository
    # See https://www.jhipster.tech/jhipster-registry/#spring-cloud-config
    environment:
      - _JAVA_OPTIONS=-Xmx512m -Xms256m
      - SPRING_PROFILES_ACTIVE=dev,api-docs,oauth2
      - SPRING_SECURITY_USER_PASSWORD=admin
      - JHIPSTER_REGISTRY_PASSWORD=admin
      - SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_TYPE=native
      - SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_SEARCH_LOCATIONS=file:./central-config/localhost-config/
      # - SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_TYPE=git
      # - SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_URI=https://github.com/jhipster/jhipster-registry/
      # - SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_SEARCH_PATHS=central-config
      # For keycloak to work, you need to add '127.0.0.1 keycloak' to your hosts file
      - SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_OIDC_ISSUER_URI=http://keycloak:9080/auth/realms/jhipster
      - SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OIDC_CLIENT_ID=jhipster-registry
      - SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OIDC_CLIENT_SECRET=jhipster-registry
    # If you want to expose these ports outside your dev PC,
    # remove the "127.0.0.1:" prefix
    ports:
      - 127.0.0.1:8761:8761

I added the following lines to /etc/hosts

127.0.0.1 keycloak

127.0.0.1 jhipster-registry

When I checked the JHipster Registry logs, there were some exceptions about Eureka.

 INFO 1 --- [nfoReplicator-0] com.netflix.discovery.DiscoveryClient    : DiscoveryClient_JHIPSTER-REGISTRY/jhipsterRegistry:8e0fa8188498e671983ba4002054c82d: registering service...
0416b4df1858_docker_jhipster-registry_1 | 2022-04-14 20:06:33.350  INFO 1 --- [nfoReplicator-0] c.n.d.s.t.d.RedirectingEurekaHttpClient  : Request execution error. endpoint=DefaultEndpoint{ serviceUrl='http://admin:admin@localhost:8761/eureka/}, exception=java.net.ConnectException: Connection refused (Connection refused) stacktrace=com.sun.jersey.api.client.ClientHandlerException: java.net.ConnectException: Connection refused (Connection refused)
0416b4df1858_docker_jhipster-registry_1 |       at com.sun.jersey.client.apache4.ApacheHttpClient4Handler.handle(ApacheHttpClient4Handler.java:187)
0416b4df1858_docker_jhipster-registry_1 |       at com.sun.jersey.api.client.filter.GZIPContentEncodingFilter.handle(GZIPContentEncodingFilter.java:123)
0416b4df1858_docker_jhipster-registry_1 |       at com.netflix.discovery.EurekaIdentityHeaderFilter.handle(EurekaIdentityHeaderFilter.java:27)
0416b4df1858_docker_jhipster-registry_1 |       at com.sun.jersey.api.client.Client.handle(Client.java:652)
0416b4df1858_docker_jhipster-registry_1 |       at com.sun.jersey.api.client.WebResource.handle(WebResource.java:682)
0416b4df1858_docker_jhipster-registry_1 |       at com.sun.jersey.api.client.WebResource.access$200(WebResource.java:74)
0416b4df1858_docker_jhipster-registry_1 |       at com.sun.jersey.api.client.WebResource$Builder.post(WebResource.java:570)
0416b4df1858_docker_jhipster-registry_1 |       at com.netflix.discovery.shared.transport.jersey.AbstractJerseyEurekaHttpClient.register(AbstractJerseyEurekaHttpClient.java:57)
0416b4df1858_docker_jhipster-registry_1 |       at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator$1.execute(EurekaHttpClientDecorator.java:59)
0416b4df1858_docker_jhipster-registry_1 |       at com.netflix.discovery.shared.transport.decorator.MetricsCollectingEurekaHttpClient.execute(MetricsCollectingEurekaHttpClient.java:73)
0416b4df1858_docker_jhipster-registry_1 |       at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator.register(EurekaHttpClientDecorator.java:56)
0416b4df1858_docker_jhipster-registry_1 |       at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator$1.execute(EurekaHttpClientDecorator.java:59)
0416b4df1858_docker_jhipster-registry_1 |       at com.netflix.discovery.shared.transport.decorator.RedirectingEurekaHttpClient.executeOnNewServer(RedirectingEurekaHttpClient.java:121)
0416b4df1858_docker_jhipster-registry_1 |       at com.netflix.discovery.shared.transport.decorator.RedirectingEurekaHttpClient.execute(RedirectingEurekaHttpClient.java:80)
0416b4df1858_docker_jhipster-registry_1 |       at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator.register(EurekaHttpClientDecorator.java:56)
0416b4df1858_docker_jhipster-registry_1 |       at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator$1.execute(EurekaHttpClientDecorator.java:59)
0416b4df1858_docker_jhipster-registry_1 |       at com.netflix.discovery.shared.transport.decorator.RetryableEurekaHttpClient.execute(RetryableEurekaHttpClient.java:120)
0416b4df1858_docker_jhipster-registry_1 |       at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator.register(EurekaHttpClientDecorator.java:56)
0416b4df1858_docker_jhipster-registry_1 |       at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator$1.execute(EurekaHttpClientDecorator.java:59)
0416b4df1858_docker_jhipster-registry_1 |       at com.netflix.discovery.shared.transport.decorator.SessionedEurekaHttpClient.execute(SessionedEurekaHttpClient.java:77)
0416b4df1858_docker_jhipster-registry_1 |       at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator.register(EurekaHttpClientDecorator.java:56)
0416b4df1858_docker_jhipster-registry_1 |       at com.netflix.discovery.DiscoveryClient.register(DiscoveryClient.java:876)
0416b4df1858_docker_jhipster-registry_1 |       at com.netflix.discovery.InstanceInfoReplicator.run(InstanceInfoReplicator.java:121)
0416b4df1858_docker_jhipster-registry_1 |       at com.netflix.discovery.InstanceInfoReplicator$1.run(InstanceInfoReplicator.java:101)
0416b4df1858_docker_jhipster-registry_1 |       at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
0416b4df1858_docker_jhipster-registry_1 |       at java.base/java.util.concurrent.FutureTask.run(Unknown Source)
0416b4df1858_docker_jhipster-registry_1 |       at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(Unknown Source)
0416b4df1858_docker_jhipster-registry_1 |       at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
0416b4df1858_docker_jhipster-registry_1 |       at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
0416b4df1858_docker_jhipster-registry_1 |       at java.base/java.lang.Thread.run(Unknown Source)
0416b4df1858_docker_jhipster-registry_1 | Caused by: java.net.ConnectException: Connection refused (Connection refused)
0416b4df1858_docker_jhipster-registry_1 |       at java.base/java.net.PlainSocketImpl.socketConnect(Native Method)
0416b4df1858_docker_jhipster-registry_1 |       at java.base/java.net.AbstractPlainSocketImpl.doConnect(Unknown Source)
0416b4df1858_docker_jhipster-registry_1 |       at java.base/java.net.AbstractPlainSocketImpl.connectToAddress(Unknown Source)
0416b4df1858_docker_jhipster-registry_1 |       at java.base/java.net.AbstractPlainSocketImpl.connect(Unknown Source)
0416b4df1858_docker_jhipster-registry_1 |       at java.base/java.net.SocksSocketImpl.connect(Unknown Source)
0416b4df1858_docker_jhipster-registry_1 |       at java.base/java.net.Socket.connect(Unknown Source)
0416b4df1858_docker_jhipster-registry_1 |       at org.apache.http.conn.scheme.PlainSocketFactory.connectSocket(PlainSocketFactory.java:121)
0416b4df1858_docker_jhipster-registry_1 |       at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
0416b4df1858_docker_jhipster-registry_1 |       at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:144)
0416b4df1858_docker_jhipster-registry_1 |       at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:134)
0416b4df1858_docker_jhipster-registry_1 |       at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:605)
0416b4df1858_docker_jhipster-registry_1 |       at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:440)
0416b4df1858_docker_jhipster-registry_1 |       at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:835)
0416b4df1858_docker_jhipster-registry_1 |       at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:118)
0416b4df1858_docker_jhipster-registry_1 |       at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)
0416b4df1858_docker_jhipster-registry_1 |       at com.sun.jersey.client.apache4.ApacheHttpClient4Handler.handle(ApacheHttpClient4Handler.java:173)
0416b4df1858_docker_jhipster-registry_1 |       ... 29 more
0416b4df1858_docker_jhipster-registry_1 |

If I try to access the JHipster Registry console at 127.0.0.1:8761, I get an exception about authorization.

0416b4df1858_docker_jhipster-registry_1 | 2022-04-14 20:10:08.796  WARN 1 --- [  XNIO-1 task-2] o.z.problem.spring.common.AdviceTraits   : Unauthorized: Full authentication is required to access this resource


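Could you help me work out the problem? I think there are two problems. One of them is related to connecting to Eureka, but I don't understand the reason. JHipster Registry already includes Eureka. The other problem is related to the communication between Keycloak and JHipster Registry.

Edited compose file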

# This configuration is intended for development purpose, it's **your** responsibility to harden it for production
version: '3.8'
services:
  jhipster-registry:
    image: jhipster/jhipster-registry:v7.3.0
    volumes:
      - ./central-server-config:/central-config
    # When run with the "dev" Spring profile, the JHipster Registry will
    # read the config from the local filesystem (central-server-config directory)
    # When run with the "prod" Spring profile, it will read the configuration from a Git repository
    # See https://www.jhipster.tech/jhipster-registry/#spring-cloud-config
    environment:
      - _JAVA_OPTIONS=-Xmx512m -Xms256m
      - SPRING_PROFILES_ACTIVE=dev,api-docs,oauth2
      - SPRING_SECURITY_USER_PASSWORD=admin
      - JHIPSTER_REGISTRY_PASSWORD=admin
      - SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_TYPE=native
      - SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_SEARCH_LOCATIONS=file:./central-config/localhost-config/
      # - SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_TYPE=git
      # - SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_URI=https://github.com/jhipster/jhipster-registry/
      # - SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_SEARCH_PATHS=central-config
      # For keycloak to work, you need to add '127.0.0.1 keycloak' to your hosts file
      - SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_OIDC_ISSUER_URI=http://keycloak:9080/auth/realms/jhipster
      - SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OIDC_CLIENT_ID=jhipster-registry
      - SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OIDC_CLIENT_SECRET=jhipster-registry
    # If you want to expose these ports outside your dev PC,
    # remove the "127.0.0.1:" prefix
    ports:
      - 127.0.0.1:8761:8761
  keycloak:
    image: jboss/keycloak:16.1.0
    command:
      [
          '-b',
          '0.0.0.0',
          '-Dkeycloak.migration.action=import',
          '-Dkeycloak.migration.provider=dir',
          '-Dkeycloak.migration.dir=/opt/jboss/keycloak/realm-config',
          '-Dkeycloak.migration.strategy=OVERWRITE_EXISTING',
          '-Djboss.socket.binding.port-offset=1000',
          '-Dkeycloak.profile.feature.upload_scripts=enabled',
      ]
    volumes:
      - ./realm-config:/opt/jboss/keycloak/realm-config
    environment:
      - KEYCLOAK_USER=admin
      - KEYCLOAK_PASSWORD=admin
      - DB_VENDOR=h2
    # If you want to expose these ports outside your dev PC,
    # remove the "127.0.0.1:" prefix
    ports:
      - 127.0.0.1:9080:9080
      - 127.0.0.1:9443:9443
      - 127.0.0.1:10990:10990

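127.0.0.1 = localhost, but each container runs in its own network namespace, so each container has its own 127.0.0.1/localhost, and your OS also has its own 127.0.0.1/localhost.

If you use the host network for the containers (set the network_mode key to host), your setup will "share" the one OS 127.0.0.1/localhost with the containers: https://docs.docker.com/compose/compose-file/compose-file-v3/#network_mode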

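If you combine the docker compose files together, JHipster will be able to communicate with Keycloak at the host keycloak. This has an added benefit. You can start both services by running a single command. You can also stop them with one command.

You still need to keep the /etc/hosts entry for keycloak so that you can reach the Keycloak login page in your browser.

To run, start keycloak first, then start jhipster.

docker-compose up keycloak

Wait for it to start fully

docker-compose up jhipster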
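
An added example, not part of either answer above: a Python check that reads the URL-valued environment entries of a compose file and reports what each host means from inside the container, which is the namespace point the first answer makes and the service-name reachability the second relies on. The `SERVICES` data is constructed from the compose file and log on this page, `EUREKA_ENDPOINT_FROM_LOG` is a hypothetical variable name, and `issuer_matches` reflects Spring Security's requirement that the issuer in the OIDC discovery document equal the configured issuer URI.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Constructed input: URL-bearing environment entries taken from this page's
# compose file. EUREKA_ENDPOINT_FROM_LOG is a hypothetical name that carries
# the serviceUrl printed in the registry log; it is not a real setting.
SERVICES = {
    "jhipster-registry": [
        "SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_OIDC_ISSUER_URI="
        "http://keycloak:9080/auth/realms/jhipster",
        "EUREKA_ENDPOINT_FROM_LOG=http://admin:admin@localhost:8761/eureka/",
    ],
    "keycloak": ["DB_VENDOR=h2"],
}

def classify_host(host, services):
    """Say what `host` refers to when resolved from inside a container."""
    if host == "localhost":
        return "own-container"  # loopback of the container's own namespace
    try:
        if ipaddress.ip_address(host).is_loopback:
            return "own-container"
    except ValueError:
        pass  # not an IP literal, fall through to name checks
    if host in services:
        return "compose-service"  # sibling service name in the same file
    return "external"  # not declared in this file, needs other resolution

def audit(services):
    """Return (service, variable, host, verdict) for each URL-valued entry."""
    findings = []
    for name, env in services.items():
        for entry in env:
            var, _, value = entry.partition("=")
            parts = urlsplit(value)
            if parts.scheme in ("http", "https") and parts.hostname:
                findings.append((name, var, parts.hostname,
                                 classify_host(parts.hostname, services)))
    return findings

def issuer_matches(discovery_json, configured_issuer):
    """True when the discovery document names exactly the configured issuer."""
    return json.loads(discovery_json).get("issuer") == configured_issuer

if __name__ == "__main__":
    for row in audit(SERVICES):
        print(row)
```
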
