错误: container_linux.go:235:启动容器进程导致密钥披风/密钥斗篷-守门人

Question

在Centos7中，当我得到这个错误时，我试图通过docker启动2个容器：

error: container_linux.go:235: starting container process caused keycloak/keycloak-gatekeeper

# ls
docker-compose.yml  Dockerfile  gatekeeper-be.conf  gatekeeper-fe.conf  nginx-conf.d  README.MD

=================

# cat docker-compose 

    version: '3.2'

    networks:
      network-bo-network:
        driver: "bridge"
        ipam:
          config:
            - subnet: "173.200.1.0/24"

      gatekeeper-fe:
        image: keycloak/keycloak-gatekeeper:latest
        command: /keycloak-proxy --config /opt/keycloak-gatekeeper/gatekeeper.conf
        volumes:
          - ./gatekeeper-fe.conf:/opt/keycloak-gatekeeper/gatekeeper.conf
        networks:
          network-bo-network:
            ipv4_address: "173.200.1.3"


      network-bo-nginx:
        image: nginx:1.17
        ports:
          - "83:80"
        volumes:
        - ./nginx-conf.d:/etc/nginx/conf.d
        networks:
          network-bo-network:
            ipv4_address: "173.200.1.5"

===========================================

cat gatekeeper-fe.conf

    ClientID is the client id
    client-id: client-bo-app
    ## ClientSecret is the secret for AS
    client-secret: xxxxxxxxxxxxxxxxxxx
    ## DiscoveryURL is the url for the keycloak server
    discovery-url: https://xxxxxxxxxxxxxxxxxxxx
    ## SkipOpenIDProviderTLSVerify skips the tls verification for openid provider communication
    skip-openid-provider-tls-verify: true
    ## EnableDefaultDeny indicates we should deny by default all requests
    enable-default-deny: true
    ## EnableRefreshTokens indicate's you wish to ignore using refresh tokens and re-auth on expiration of access token
    enable-refresh-tokens: true
    ## EncryptionKey is the encryption key used to encrypt the refresh token
    encryption-key: xxxxxxxxxxxxxxxxxxxxxxxxxxxx
    ## Listen is the binding interface
    listen: :8081
    ## Upstream is the upstream endpoint i.e whom were proxying to
    upstream-url: http://173.200.1.1:8082
    ## EnableLogging indicates if we should log all the requests
    enable-logging: true
    ## EnableJSONLogging is the logging format
    enable-json-logging: true
    ## PreserveHost preserves the host header of the proxied request in the upstream request
    preserve-host: true
    ## NoRedirects informs we should hand back a 401 not a redirect
    no-redirects: true
    ##  AddClaims is a series of claims that should be added to the auth headers
    add-claims:
     - email
     - given_name
     - family_name
     - name
    ## Resources configuration
    resources:
     - uri: /api/v1/metadata
       methods:
        - GET
       white-listed: true


==================================================

# docker-compose up 

    WARNING: Found orphan containers (network-bo-dev_network-bo-postgres_1) for this project. If you removed or renamed this service in your compose file, you can run this command with the --remove-orphans flag to clean it up.
    network-bo-dev_network-bo-nginx_1 is up-to-date
    Creating network-bo-dev_gatekeeper-fe_1 ... error

    ERROR: for network-bo-dev_gatekeeper-fe_1  Cannot start service gatekeeper-fe: oci runtime error: container_linux.go:235: starting container process caused "container init exited prematurely"


    ERROR: for gatekeeper-fe  Cannot start service gatekeeper-fe: oci runtime error: container_linux.go:235: starting container process caused "container init exited prematurely"

    ERROR: Encountered errors while bringing up the project.

Answer 1

您应该提供https://stackoverflow.com/help/minimal-reproducible-example提供的坞-撰写没有正确的语法。

有几个明显的错误：

图像中的--config /opt/keycloak-gatekeeper/gatekeeper.conf

• first
• 网关守二进制有/opt/keycloak-gatekeeper位置，而不是/keycloak-proxy，但是下面看
• 使用的图像使用entrypoint=/opt/keycloak-gatekeeper=>命令只需要在二进制后的那一部分，例如：gatekeeper-fe.conf中的/opt/keycloak-gatekeeper行应该是注释H 213F 214