带钥匙斗篷的Shinyproxy重定向了太多次

Question

我正在尝试获得一个使用keycloak的shinyproxy的基本示例。这是我的Dockerfile

FROM openjdk:11-jre

RUN mkdir -p /opt/shinyproxy/
RUN wget https://www.shinyproxy.io/downloads/shinyproxy-2.3.1.jar -O /opt/shinyproxy/shinyproxy.jar
COPY application.yml /opt/shinyproxy/application.yml

WORKDIR /opt/shinyproxy/
CMD ["java", "-jar", "/opt/shinyproxy/shinyproxy.jar"]

这是我的docker-compose.yml

version: "3.7"

services:
  mysql:
      image: mysql:5.7
      volumes:
        - mysqldata:/var/lib/mysql
      environment:
        MYSQL_ROOT_PASSWORD: root
        MYSQL_DATABASE: keycloak
        MYSQL_USER: keycloak
        MYSQL_PASSWORD: password
  keycloak:
      image: quay.io/keycloak/keycloak:latest
      environment:
        DB_VENDOR: MYSQL
        DB_ADDR: mysql
        DB_DATABASE: keycloak
        DB_USER: keycloak
        DB_PASSWORD: password
        KEYCLOAK_USER: admin
        KEYCLOAK_PASSWORD: Pa55w0rd
        PROXY_ADDRESS_FORWARDING: 'true'
      ports:
        - 8010:8080
      #networks:
      #  - shinyproxy-net
      depends_on:
        - mysql
  shinyproxy:
    build: .
    image: shinyproxy
    ports:
      - '8020:8080'
    networks:
      - shinyproxy-net
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
networks:
  shinyproxy-net:
    external: true
volumes:
  mysqldata:
      driver: local

这是我的application.yml

proxy:
  port: 8080
  authentication: keycloak
  useForwardHeaders: true  # not sure if necessary or not
  admin-groups: admins
  keycloak:
    realm: shinyproxy                                                     
    auth-server-url: http://localhost:8010/auth
    resource: shinyproxy                                                  
    credentials-secret: aa205d81-ae00-4b59-bca6-4c41074c633c
  docker:
      internal-networking: true
  specs:
  - id: 01_hello
    display-name: Hello Application
    description: Application which demonstrates the basics of a Shiny app 
    container-cmd: ["R", "-e", "shinyproxy::run_01_hello()"]
    container-image: openanalytics/shinyproxy-demo
    container-network: shinyproxy-net
  - id: 06_tabsets
    container-cmd: ["R", "-e", "shinyproxy::run_06_tabsets()"]
    container-image: openanalytics/shinyproxy-demo
    container-network: shinyproxy-net
logging:
  file:
    shinyproxy.log

当我转到http://localhost:8020/并与我在http://localhost:8010/中创建的用户进行身份验证时，我会得到一个太多次的重定向错误。

我做错什么了？

Answer 1

我也有同样的问题，我调查了很多.我注意到了“重定向-太多次”背后的错误是什么。

ERROR 1 --- [  XNIO-1 task-1] o.k.adapters.OAuthRequestAuthenticator: failed to turn code into token

javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

我试图通过添加安全证书来解决这个问题，如下面的链接https://hub.docker.com/r/jboss/keycloak/所示，在“设置TLS(SSL)”一节中使用@Vsoma在此链接Keycloak SSL setup using docker image中指示的解决方案，并将Keycloak服务的数量添加到容器中，如下所示：

volumes:
  - /var/run/docker.sock:/var/run/docker.sock
  - ./themes/mytheme:/opt/jboss/keycloak/themes/mytheme
  - ./keycloak/certs:/etc/x509/https

并在standalone.xml中添加以下行：

<socket-binding name = "proxy-https" port = "443"/>

这不是一个明确的答案，但我认为这是解决问题的一个重大进展。