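I'm having trouble adding an SSL certificate to Keycloak running on Docker. I bought an SSL certificate from GoDaddy, but I don't know how to add it to Keycloak on Docker. I searched Google but found nothing.
Can any of you help me?
Here is the Dockerfile for Keycloak: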
FROM jboss/keycloak:4.6.0.Final
WORKDIR /opt/jboss/keycloak
COPY realm-export.json /opt/jboss/keycloak/
EXPOSE 8443
ENTRYPOINT [ "/opt/jboss/tools/docker-entrypoint.sh" ]
CMD ["-b", "0.0.0.0", "-bmanagement", "0.0.0.0", "-Dkeycloak.import=realm-export.json -Dkeycloak.migration.strategy=OVERWRITE_EXISTING"]
Here is the docker-compose.yml file:
version: '2'
services:
  keycloak:
    build: "./Keycloak + actibook-app client import"
    depends_on:
      - keycloak-postgres
    environment:
      - KEYCLOAK_USER=${KEYCLOAK_USER}
      - KEYCLOAK_PASSWORD=${KEYCLOAK_PASSWORD}
      - KEYCLOAK_IMPORT=${KEYCLOAK_IMPORT}
      - POSTGRES_USER=${KEYCLOAK_DATABASE_USER}
      - POSTGRES_PASSWORD=${KEYCLOAK_DATABASE_PASSW}
      - POSTGRES_PORT_5432_TCP_ADDR=keycloak-postgres
    ports:
      - "8443:8443"
    labels:
      - "traefik.frontend.passHostHeader=true"
  traefik:
    build: ./traefik
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    restart: unless-stopped
Answer 1
- Download the GD cert as a ZIP file
- Unzip it
- cat {[[a-f0-9],gd}*.crt > yourdomain.chained.crt
Copy the private key that was used to generate the certificate (e.g. your.priv.key) and yourdomain.chained.crt to your server, for example to /opt/jboss/keycloak/certs.
Add a "volumes" section to services/keycloak:
services:
  keycloak:
    volumes:
      - /opt/jboss/keycloak/certs/yourdomain.chained.crt:/etc/x509/https/tls.crt
      - /opt/jboss/keycloak/certs/your.priv.key:/etc/x509/https/tls.key
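
A pre-flight check for the two files mounted above, as an added example that is not part of the original answer: it confirms that the first certificate in the chained file belongs to the private key and that the intermediates were appended. The function names and return codes are this example's own, and it assumes the openssl CLI and an unencrypted PEM key; the sample certificates are throwaway self-signed ones constructed for the demonstration.

```shell
#!/bin/sh
# Added example: check the files destined for /etc/x509/https/tls.crt and
# /etc/x509/https/tls.key before starting the container.

# Returns 0 = OK
#         1 = first certificate does not belong to the key
#             (wrong key, or chain concatenated in the wrong order)
#         2 = a file is missing or cannot be parsed
#         3 = only one certificate present, no intermediates appended
check_tls_pair() {
    crt=$1
    key=$2
    # openssl x509 reads only the FIRST certificate of a PEM file; that one
    # must be the server (leaf) certificate.
    cert_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ -n "$key_pub" ] || return 2
    [ "$cert_pub" = "$key_pub" ] || return 1
    count=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$crt")
    [ "$count" -ge 2 ] || return 3
    return 0
}

# Constructed sample data: two self-signed certificates stand in for the
# server certificate and the gd*.crt bundle from the ZIP file.
make_constructed_files() {
    dir=$1
    for name in leaf bundle; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=$name.example.test" \
            -keyout "$dir/$name.key" -out "$dir/$name.crt" 2>/dev/null || return 1
    done
    cat "$dir/leaf.crt" "$dir/bundle.crt" > "$dir/good.chained.crt"
    cat "$dir/bundle.crt" "$dir/leaf.crt" > "$dir/reversed.chained.crt"
}

tmp=$(mktemp -d)
make_constructed_files "$tmp"
for f in good.chained.crt reversed.chained.crt leaf.crt; do
    rc=0
    check_tls_pair "$tmp/$f" "$tmp/leaf.key" || rc=$?
    echo "$f: check_tls_pair returned $rc"
done
rm -rf "$tmp"
```

The check compares public keys only; it does not validate the chain's signatures or expiry dates.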